Set Up Your Environment
- Ensure you have Node.js and npm installed on your machine. If not, download and install them from the official Node.js website.
- Use npm to create a new Node.js project by running npm init -y. This will generate a package.json file necessary for managing dependencies.
- Install the Stripe library using npm with npm install stripe to communicate with Stripe's API.
Install and Configure a Server Framework
- Choose a server framework like Express.js to handle incoming HTTP requests. Install Express.js with npm install express.
- Create a new server file, e.g., server.js, and set up a basic Express server to listen for incoming requests:
const express = require('express');
const app = express();
const port = 3000;
app.use(express.json());
app.listen(port, () => {
  console.log(`Server running on port ${port}`);
});
Set Up Stripe Webhooks
- Create a webhook endpoint that Stripe can call with event data. Add the endpoint to your server.js:
app.post('/webhook', (request, response) => {
  let event;
  try {
    // No signature check yet: the body is trusted exactly as received.
    event = request.body;
  } catch (err) {
    response.status(400).send(`Webhook Error: ${err.message}`);
    return;
  }
  // Respond to the event
  switch (event.type) {
    case 'payment_intent.succeeded': {
      const paymentIntent = event.data.object;
      console.log('PaymentIntent was successful!');
      break;
    }
    // Handle other event types
    default:
      console.log(`Unhandled event type ${event.type}`);
  }
  response.json({ received: true });
});
Verify Webhooks
- Security is crucial when dealing with webhooks. Stripe sends a signature header (Stripe-Signature) that you should verify to ensure the webhook's authenticity. Verification runs over the raw request body, so this route uses express.raw and has to replace the earlier /webhook handler; if the global app.use(express.json()) runs first, the body arrives already parsed and verification fails. Set up your endpoint to verify this signature:
// Placeholder values: load the real key and webhook secret from configuration, not from source code.
const stripe = require('stripe')('your-stripe-secret-key');
app.post('/webhook', express.raw({ type: 'application/json' }), (request, response) => {
  const sig = request.headers['stripe-signature'];
  const endpointSecret = 'your-webhook-secret';
  let event;
  try {
    // request.body is a Buffer here; constructEvent throws if the signature does not match.
    event = stripe.webhooks.constructEvent(request.body, sig, endpointSecret);
  } catch (err) {
    response.status(400).send(`Webhook Error: ${err.message}`);
    return;
  }
  // Handle the event
  switch (event.type) {
    case 'payment_intent.succeeded': {
      const paymentIntent = event.data.object;
      console.log('PaymentIntent was successful!');
      break;
    }
    default:
      console.log(`Unhandled event type ${event.type}`);
  }
  response.json({ received: true });
});
Test Your Webhook Locally
- Use a tool like ngrok to create a public URL for your local server. This allows Stripe to send webhook events to your local machine. Run ngrok http 3000 to create the tunnel.
- Update the webhook endpoint URL on your Stripe dashboard to the URL provided by ngrok (e.g., https://your-ngrok-url.ngrok.io/webhook).
- Trigger events in your Stripe account to see if they are correctly received and handled by your Node.js application.
Best Practices and Considerations
- Always use HTTPS in production environments to securely receive webhook events. Ngrok can help with this during development, but real production URLs should be secured with SSL/TLS certificates.
- Keep endpoint URLs hidden and secure by not exposing sensitive details in your codebase or public repositories.
- Design your webhook handling logic to be idempotent, so the server can receive multiple identical webhooks without performing the same action twice.