Stripe
Signature Verification

| Property | Value |
|---|---|
| Algorithm | HMAC-SHA256 |
| Header | Stripe-Signature |
| Format | t=timestamp,v1=signature |
| Timestamp tolerance | 300 seconds (5 minutes) |

Signing formula:

```
HMAC-SHA256("timestamp.payload", webhook_secret)
```

Transyt parses the `Stripe-Signature` header, extracts the `t` (timestamp) and `v1` (signature) values, then computes the expected signature using the stored webhook secret. The timestamp is validated to be within 5 minutes of the current time to prevent replay attacks.
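The check described above, written out as an added example (not Transyt's or Stripe's own code). The names `sign` and `verify` are hypothetical; keying the HMAC with the `whsec_` string as UTF-8 bytes, ignoring unknown header elements, and accepting any matching `v1` value are assumptions.

```python
import hashlib
import hmac
import time
from typing import Optional

TOLERANCE_SECONDS = 300  # timestamp tolerance from the table above


def sign(payload: bytes, secret: str, timestamp: str) -> str:
    """Hex HMAC-SHA256 over "timestamp.payload", keyed with the webhook secret."""
    signed = timestamp.encode() + b"." + payload
    return hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()


def verify(header: str, payload: bytes, secret: str,
           now: Optional[float] = None) -> bool:
    """True only if the header carries a fresh, valid v1 signature.

    payload must be the raw request body bytes, not re-serialized JSON.
    """
    timestamp, candidates = None, []
    for part in header.split(","):
        key, sep, value = part.strip().partition("=")
        if not sep:
            return False  # malformed element
        if key == "t":
            timestamp = value
        elif key == "v1":
            candidates.append(value)  # assumption: more than one v1 may appear
    if not timestamp or not (timestamp.isascii() and timestamp.isdigit()):
        return False
    if not candidates:
        return False
    expected = sign(payload, secret, timestamp).encode()
    # compare_digest avoids leaking the match position through timing
    if not any(hmac.compare_digest(expected, c.encode()) for c in candidates):
        return False
    # Reject replays: a valid signature on a stale timestamp still fails
    current = time.time() if now is None else now
    return abs(current - int(timestamp)) <= TOLERANCE_SECONDS


if __name__ == "__main__":
    secret = "whsec_constructed_example"      # constructed sample secret
    body = b'{"id":"evt_constructed"}'        # constructed sample payload
    ts = str(int(time.time()))
    header = f"t={ts},v1={sign(body, secret, ts)}"
    print(verify(header, body, secret))            # fresh and valid
    print(verify(header, body + b" ", secret))     # body altered
```
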
Setup in Stripe Dashboard
- Go to Developers > Webhooks in your Stripe Dashboard
- Click Add endpoint
- Set the endpoint URL to:
  https://ingest.transyt.com/stripe/{your-account-slug}
- Select the events you want to receive
- Copy the Signing secret (starts with `whsec_`)
- Create the account in Transyt with the signing secret
Account Configuration
```bash
curl -X POST https://ingest.transyt.com/admin/accounts \
  -H "X-Admin-Token: YOUR_ADMIN_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "provider": "stripe",
    "account_slug": "my-app",
    "app_key": "my-app",
    "signing_secret_current": "whsec_..."
  }'
```

Event Type Mappings
Transyt normalizes Stripe event types to a consistent format:
| Stripe Event | Transyt Event |
|---|---|
| charge.succeeded | payment.completed |
| charge.failed | payment.failed |
| charge.refunded | payment.refunded |
| charge.disputed | payment.disputed |
| invoice.paid | invoice.paid |
| invoice.payment_failed | invoice.payment_failed |
| invoice.created | invoice.created |
| invoice.finalized | invoice.finalized |
| customer.subscription.created | subscription.created |
| customer.subscription.updated | subscription.updated |
| customer.subscription.deleted | subscription.cancelled |
| customer.subscription.trial_will_end | subscription.trial_ending |
| payment_method.attached | payment_method.attached |
| payment_method.detached | payment_method.detached |
| checkout.session.completed | checkout.completed |
| checkout.session.expired | checkout.expired |

The original Stripe event type is always preserved in the `event_type_raw` field.
External ID
The Stripe event ID (evt_xxxxx) is used as the external ID for deduplication.