Stripe Webhook Secret
- Documentation: https://stripe.com/docs/webhooks/best-practices#endpoint-secrets
- Summary: Stripe offers payment processing software and application programming interfaces (APIs) for e-commerce websites and mobile application. It can be integrated with webhooks to communicate with external applications. Events sent by Stripe via a webhook are signed to avoid a replay attack. The key used to sign these events should remain secret. This detector aims at catching such keys.
#Revoke the secret
Webhooks secrets can be issued and revoked from the dashboard dedicated page.'
#Check for suspicious activity
In addition to signing webhook events, Stripe sends events only from a given list of IPs. Checking the origin of webhook messages can help to detect suspicious activities.
Stripe webhook secret#
Category: Payment system
High recall: True
Validity check available: False
Minimum number of matches: 1
Occurrences found for one million commits: 8.52
- type: ContentWhitelistPreValidator patterns: - whsec_
- text: "stripe_wh_secret: whsec_VV1cfC0WFqnTPzHIAYUnnDS0t9g8I3Az" apikey: whsec_VV1cfC0WFqnTPzHIAYUnnDS0t9g8I3Az - text: "stripe_wh_secret: whsec_b2e1ebdcbdaf9ea3f983cf401e6e6cc1318cdadbecca663b0c8c0dc7f4ad7f87" apikey: whsec_b2e1ebdcbdaf9ea3f983cf401e6e6cc1318cdadbecca663b0c8c0dc7f4ad7f87