Does this skill support both Stripe and PayPal?

Yes, it includes specific verification algorithms and implementation patterns tailored for Stripe, PayPal, and other common payment providers.

How does it protect against replay attacks?

It implements a strict 5-minute timestamp tolerance window and unique event ID tracking to ensure captured events cannot be resubmitted.

How does the skill handle duplicate events?

The skill includes idempotency templates that check your database for processed event IDs before executing logic, making it safe to receive the same webhook multiple times.

Does it help with PCI compliance?

Yes, implementing cryptographic signature verification and secure secret management are key requirements for maintaining PCI-compliant payment integrations.

Can I use this for local development?

Absolutely. It provides automated scripts to forward webhooks to your local environment using tools like Stripe CLI and ngrok for end-to-end testing.

Webhook Security for Payments

Name: Webhook Security for Payments
Author: vanman2024

byvanman2024

电子商务解决方案

Implements robust webhook validation patterns and signature verification to secure payment integrations against spoofing and replay attacks.

关于

This skill provides a comprehensive framework for securing webhook endpoints within payment ecosystems like Stripe, PayPal, and Square. It empowers developers to implement cryptographic signature verification, prevent replay attacks through timestamp validation, and establish rigorous event logging for auditing and dispute resolution. By providing standardized scripts for local testing and secret management, this skill ensures that your payment integrations are production-ready, PCI-compliant, and resilient against unauthorized event injection.

主要功能

Cryptographic signature verification for major payment providers
Local webhook testing workflows using CLI and tunneling tools
Structured event logging and auditing for transaction histories
Secure environment-based management for webhook signing secrets
Replay attack prevention via timestamp and event ID tracking
0 GitHub stars

使用场景

Auditing and debugging failed payment webhooks in production environments
Preventing double-processing of payment events using idempotency keys
Securing Stripe subscription lifecycle events and invoice payments

关于

主要功能

Cryptographic signature verification for major payment providers
Local webhook testing workflows using CLI and tunneling tools
Structured event logging and auditing for transaction histories
Secure environment-based management for webhook signing secrets
Replay attack prevention via timestamp and event ID tracking
0 GitHub stars

使用场景

Auditing and debugging failed payment webhooks in production environments
Preventing double-processing of payment events using idempotency keys
Securing Stripe subscription lifecycle events and invoice payments