Stripe Webhook Event Ingester

This is an AWS CDK-based project for ingesting Stripe webhook events into an SQS queue.

Stripe uses a message digest code to allow clients to verify the integrity of webhook events. Stripe signs event messages that allow the receiver to verify the message was signed using a shared secret.

See: https://stripe.com/docs/webhooks/signatures

The pipeline

• An API endpoint that can be set as the Stripe webhook endpoint
• A Lambda function that receives incoming webhook events and verifies the signature
• Authenticated events are sent to the EventBridge on the $default bus

Setup

• Create the virtual environment: python3 -m venv .venv
• Enable the virtual environment: source .venv/bin/activate
• Install dependencies: pip install -r requirements.txt
• Deploy the stack: cdk deploy
• Create a Stripe Webhook endpoint: https://dashboard.stripe.com/webhooks
  • Set the URL to the URL of the API endpoint
  • Note that you'll find the Stripe Signing Secret used in the next step on this page
• Update the Stripe Signing Secret in the Secrets Manager: https://console.aws.amazon.com/secretsmanager/home

Design Notes

• Events can arrive from Stripe out of order