Skip to main content
__wf_reserved_inherit

Stripe Webhook Secret

Description

General

  • Documentation: https://stripe.com/docs/webhooks/best-practices#endpoint-secrets
  • Summary: Stripe offers payment processing software and application programming interfaces (APIs) for e-commerce websites and mobile application. It can be integrated with webhooks to communicate with external applications. Events sent by Stripe via a webhook are signed to avoid a replay attack. The key used to sign these events should remain secret. This detector aims at catching such keys.

Revoke the secret

Webhooks secrets can be issued and revoked from the dashboard dedicated page.'

Check for suspicious activity

In addition to signing webhook events, Stripe sends events only from a given list of IPs. Checking the origin of webhook messages can help to detect suspicious activities.

Details for Stripe webhook secret

  • Family: Api

  • Category: Payment system

  • Company: Stripe

  • High recall: True

  • Validity check available: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 8.52

  • Prefixed: True

  • PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - whsec_

Examples

- text: 'stripe_wh_secret: whsec_VV1cfC0WFqnTPzHIAYUnnDS0t9g8I3Az'
  apikey: whsec_VV1cfC0WFqnTPzHIAYUnnDS0t9g8I3Az

- text: 'stripe_wh_secret: whsec_b2e1ebdcbdaf9ea3f983cf401e6e6cc1318cdadbecca663b0c8c0dc7f4ad7f87'
  apikey: whsec_b2e1ebdcbdaf9ea3f983cf401e6e6cc1318cdadbecca663b0c8c0dc7f4ad7f87
__wf_reserved_inherit__wf_reserved_inherit

Something we didn’t cover?

__wf_reserved_inherit

See our Roadmap

__wf_reserved_inherit

Subscribe on GitHub

__wf_reserved_inherit

Submit a request

__wf_reserved_inherit

API status