In this episode, we're taking a quick break from the main app to set up a Stripe webhook, which is essential for letting your app know when a payment succeeds. First, we walk through how to create a new webhook endpoint in the Stripe dashboard. Since Stripe needs to send requests to a publicly accessible URL (and your app is probably running locally), we use a tool called Expose to tunnel your local environment to the internet. This way, Stripe can communicate with your app for testing.
Once our local app is reachable on a public URL, we set up a specific endpoint (/webhooks/stripe
) to listen for successful payment_intent.succeeded
events. We go through selecting this event in the Stripe dashboard, adding the endpoint, and testing the setup by making a fake payment through the app. The initial tests give us a 404, as expected, since the controller isn't implemented yet, but that's about to change.
Next, we scaffold a basic Stripe webhook controller in our app, register it in the routes file, and make sure that CSRF protection is disabled for webhook routes (since Stripe won't be sending your site's CSRF token). After fixing a small typo and making sure the route is a POST, we confirm the endpoint is working by getting a 200 response from Stripe on subsequent test payments.
At this point, the controller is just a stub, not processing any data yet. The episode wraps up by highlighting that next, we'll handle inspecting the event type and securing the webhook using Stripe's signing secret, so no one else can send fake requests to your app.