Stripe Webhooks

Stripe sends rich payment and subscription events. HookNexus gives you a stable public URL, full request history, and real-time inspection—ideal while you build handlers, compare test vs live mode, or debug signature issues without touching production infrastructure.

Overview

• Why HookNexus: Capture every Stripe delivery in one place, inspect payloads, and verify Stripe-Signature against your signing secret—before your app code runs.
• Your webhook URL: https://api.hooknexus.com/h/{endpoint-id} (replace {endpoint-id} with the ID from the HookNexus dashboard).

Configure Stripe

1. Open Stripe Webhooks

   In Stripe Dashboard go to Developers → Webhooks → Add endpoint (or edit an existing endpoint).

2. Set the endpoint URL

   Paste your HookNexus URL:

   https://api.hooknexus.com/h/YOUR_ENDPOINT_ID

3. Choose events

   Under Select events, pick the events your integration needs (see Common events below). You can start with a small set and add more later.

4. Save and copy the signing secret

   After creating the endpoint, Stripe shows a Signing secret starting with whsec_. Store it securely—you need it for signature verification in HookNexus or your app.

Caution

Use separate Stripe webhook endpoints (and thus separate HookNexus endpoints or secrets) for test and live mode. Mixing modes makes debugging confusing.

Send test events

1. From the webhook endpoint page

   Open your endpoint in Developers → Webhooks, select the endpoint, then use Send test webhook (wording may vary by Stripe UI version).

2. Pick an event type

   Choose an event such as payment_intent.succeeded or checkout.session.completed, then send.

3. Confirm in HookNexus

   The request should appear in the HookNexus dashboard for that endpoint within seconds.

Signature verification

Stripe signs the raw body with HMAC-SHA256. The Stripe-Signature header looks like t=timestamp,v1=signature.

1. In HookNexus, open a captured request from Stripe.
2. Open the Verify Signature flow (see Signature Verification).
3. Choose Stripe and paste your whsec_... signing secret.

You can also call the API:

curl -X POST https://api.hooknexus.com/api/verify-signature \
  -H "Content-Type: application/json" \
  -d '{
    "provider": "stripe",
    "payload": "<paste raw body exactly as received>",
    "signature": "<value of Stripe-Signature header>",
    "secret": "whsec_xxxxxxxx"
  }'

Tip

Verification must use the exact raw request body Stripe sent. If your middleware parses JSON and re-stringifies it, the signature will not match.

Common events

Event	When it fires
checkout.session.completed	Checkout finishes successfully
payment_intent.succeeded	Payment succeeds
invoice.paid	Invoice is paid (subscriptions, invoicing)
customer.subscription.updated	Subscription fields change (plan, status, trial, etc.)

Local development

Use Stripe Dashboard → Webhooks → Send test event to hit your HookNexus URL, or Stripe CLI to forward events from Stripe to any URL you control. Inspect the full payload in HookNexus, then point your app at the same shapes when you wire up your own HTTP handler.

Troubleshooting

Symptom	What to check
No requests in HookNexus	Confirm the URL has no typos; use test dashboard URL with test mode keys.
4xx/5xx from Stripe’s delivery log	HookNexus accepts POSTs to /h/...; ensure the path matches your endpoint ID.
Signature always invalid	Use whsec_ from the same endpoint; verify raw body; check clock skew if implementing replay windows yourself.
Wrong event shape	Stripe API versions differ; check Developers → Webhooks → endpoint API version.

Note

HookNexus records what it receives. If Stripe retries, you may see duplicate deliveries—handle idempotency in your application logic.