Stripe Webhook Secret
#
Description#
General- Documentation: https://stripe.com/docs/webhooks/best-practices#endpoint-secrets
- Summary: Stripe offers payment processing software and application programming interfaces (APIs) for e-commerce websites and mobile application. It can be integrated with webhooks to communicate with external applications. Events sent by Stripe via a webhook are signed to avoid a replay attack. The key used to sign these events should remain secret. This detector aims at catching such keys.
#
Revoke the secretWebhooks secrets can be issued and revoked from the dashboard dedicated page.'
#
Check for suspicious activityIn addition to signing webhook events, Stripe sends events only from a given list of IPs. Checking the origin of webhook messages can help to detect suspicious activities.
Stripe webhook secret
#
Details for Family: Api
Category: Payment system
Company: Stripe
High recall: True
Validity check available: False
Minimum number of matches: 1
Occurrences found for one million commits: 8.52
Prefixed: True
PreValidators:
- type: ContentWhitelistPreValidator patterns: - whsec_
#
Examples- text: "stripe_wh_secret: whsec_VV1cfC0WFqnTPzHIAYUnnDS0t9g8I3Az" apikey: whsec_VV1cfC0WFqnTPzHIAYUnnDS0t9g8I3Az
- text: "stripe_wh_secret: whsec_b2e1ebdcbdaf9ea3f983cf401e6e6cc1318cdadbecca663b0c8c0dc7f4ad7f87" apikey: whsec_b2e1ebdcbdaf9ea3f983cf401e6e6cc1318cdadbecca663b0c8c0dc7f4ad7f87