Use incoming webhooks to get real-time updates

Stripe uses webhooks to notify your application when an event happens in your account. Webhooks are particularly useful for asynchronous events like when a customer’s bank confirms a payment, a customer disputes a charge, a recurring payment succeeds, or when collecting subscription payments.

How Stripe uses webhooks

A webhook enables Stripe to push real-time notifications to your app. Stripe uses HTTPS to send these notifications to your app as a JSON payload. You can then use these notifications to execute actions in your backend systems. To learn more, see Stripe webhook events overview.

Steps to receive webhooks

You can start receiving event notifications in your app using the steps in this section:

1. Identify the events you want to monitor and the event payloads to parse.
2. Create a webhook endpoint as an HTTP endpoint (URL) on your local server.
3. Handle requests from Stripe by parsing each event object and returning 2xx response status codes.
4. Test that your webhook endpoint is working properly using the Stripe CLI.
5. Deploy your webhook endpoint so it’s a publicly accessible HTTPS URL.
6. Register your publicly accessible HTTPS URL in the Stripe dashboard.

How to create a webhook endpoint

Creating a webhook endpoint is no different from creating any other page on your website. It’s an HTTP or HTTPS endpoint on your server with a URL. If you’re still developing your endpoint on your local machine, it can be HTTP. After it’s publicly accessible, it must be HTTPS. You can use one endpoint to handle several different event types at once, or set up individual endpoints for specific events.

Step 1: Identify the events to monitor

Use the API reference guide to identify the Stripe events and their event objects your webhook endpoint needs to parse. Optionally, retrieve a subset of these events supported in the CLI:

stripe trigger

Step 2: Create a webhook endpoint

Set up an HTTP endpoint on your local machine that can accept unauthenticated webhook requests with a POST method. For example, this route in Flask is a map to a Python webhook function:

@app.route('/stripe_webhooks', methods=['POST'])
def webhook():
    stripe_payload = request.json

In this example, the /stripe_webhooks route is configured to accept only POST requests and expects data to be delivered in a JSON payload.

Step 3: Handle requests from Stripe

Your endpoint must be configured to read event objects for the type of event notifications you want to receive. Stripe sends events to your webhook endpoint as part of a POST request with a JSON payload.

Check event objects

Each event is structured as an event object with a type, id, and related Stripe resource nested under data. Your endpoint must check the event type and parse the payload of each event.

{
  "id": "evt_2Zj5zzFU3a9abcZ1aYYYaaZ1",
  "object": "event",
  "api_version": "2022-11-15",
  "created": 1633887337,
  "data": {
    "object": {...}
}

Return a 2xx response

Your endpoint must quickly return a successful status code (2xx) prior to any complex logic that could cause a timeout. For example, you must return a 200 response before updating a customer’s invoice as paid in your accounting system.

@app.route('/stripe_webhooks', methods=['POST'])
def webhook():
    event = None
    payload = request.data
    sig_header = request.headers['STRIPE_SIGNATURE']

    try:
        event = stripe.Webhook.construct_event(
            payload, sig_header, endpoint_secret
        )
    except ValueError as e:
        # Invalid payload
        raise e
    except stripe.error.SignatureVerificationError as e:
        # Invalid signature
        raise e

    # Handle the event
    print('Handled event type {}'.format(event['type']))

    return jsonify(success=True)

In the above example, the Python function checks that the event type was received, and returns a 200 response.

Built-in retries

Stripe webhooks have built-in retry methods for 3xx, 4xx, or 5xx response status codes. If Stripe doesn’t quickly receive a 2xx response status code for an event, we mark the event as failed and stop trying to send it to your endpoint. After multiple days, we email you about the misconfigured endpoint, and automatically disable it soon after if you haven’t addressed it.

Step 4: Secure your webhooks (recommended)

Use webhook signatures to verify that Stripe generated a webhook request and that it didn’t come from a server acting like Stripe.

Step 5: Try the interactive webhook endpoint builder

To get started, build a webhook endpoint in your programming language using our interactive webhook endpoint builder.

Sample code

require 'json'

# Using Sinatra
post '/webhook' do
  payload = request.body.read
  event = nil

  begin
    event = Stripe::Event.construct_from(
      JSON.parse(payload, symbolize_names: true)
    )
  rescue JSON::ParserError => e
    # Invalid payload
    status 400
    return
  end

  # Handle the event
  case event.type
  when 'payment_intent.succeeded'
    payment_intent = event.data.object # contains a Stripe::PaymentIntent
    # Then define and call a method to handle the successful payment intent.
    # handle_payment_intent_succeeded(payment_intent)
  when 'payment_method.attached'
    payment_method = event.data.object # contains a Stripe::PaymentMethod
    # Then define and call a method to handle the successful attachment of a PaymentMethod.
    # handle_payment_method_attached(payment_method)
  # ... handle other event types
  else
    puts "Unhandled event type: #{event.type}"
  end

  status 200
end