Skip to content

Stripe: add signed webhooks for reliable payment confirmation #1150

Description

@Zwiterrion

Severity: 🟠 Major (missing feature)

Payment confirmation relies only on the browser redirect to success_url. There are no Stripe webhooks, so Daikoku and Stripe drift apart on any asynchronous event.

Current state

  • No webhook endpoint in conf/routes.
  • No webhookSecret field in StripeSettings (tenantEntities.scala:392-404) → webhooks aren't even configurable, so signature verification is impossible.
  • Confirmation flow: success_url/api/subscription/_validate?token=…&session_id=… (PaymentClient.scala:470-473ApiController.validateProcess 1179-1211).

Problems

  • If the user pays and closes the tab before redirect → the Stripe subscription is active but never materialized in Daikoku.
  • Async events are never handled: invoice.payment_failed (failed renewal), cancellation from the Stripe billing portal, customer.subscription.deleted, trial end → silent divergence.

This is the anti-pattern Stripe explicitly warns against (success_url is not a reliable signal).

Fix

  • Add StripeSettings.webhookSecret.
  • Add a signed webhook endpoint (verify Stripe-Signature).
  • Handle at least checkout.session.completed, invoice.payment_failed, customer.subscription.deleted.
  • Make the redirect a UI convenience only; webhooks become the source of truth.

How to verify

Pay a checkout then close the tab before the _validate redirect → confirm the Stripe subscription is active with no matching Daikoku subscription.

Related

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Fields

    No fields configured for Feature.

    Projects

    Status
    Ready

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions