/routes/webhook.js

Purpose

Handles Stripe webhook events for one-time payments, specifically verifying and processing checkout.session.completed events. On successful payment, it triggers a welcome email to the customer.

Prerequisites

Requires the following environment variable:

• STRIPE_WEBHOOK_SECRET: Secret key to validate incoming Stripe webhook signatures.

Route: /webhook-onetime-payment

• Method: POST

• Description: Processes Stripe webhook events, verifying the signature and handling successful checkout sessions.

• Headers: Expects stripe-signature header from Stripe, used for event verification.

• Response:

  • Returns a 200 status to acknowledge receipt of valid events.

  • Returns a 400 status if the webhook signature verification fails.

Webhook Event Flow

1. Signature Verification:

   • Verifies the webhook event’s authenticity using stripeTest.webhooks.constructEvent, which matches the event payload with the Stripe signature.

2. Event Handling:

   • Listens for the checkout.session.completed event type. When detected:

     • Retrieves session details (including customer email) via Stripe’s SDK.

     • Checks payment_status for a successful (paid) status.

     • If payment is confirmed, sends a registration email to the customer using sendRegistrationEmail.

Notes

• Dependencies: Utilizes stripeTest for Stripe SDK functions and sendRegistrationEmail to send post-payment confirmation emails.

• Security: Verifies webhook signatures using endpointSecret for secure event handling.

• Logs and Error Handling:

  • Logs success messages for verified events, successful payments, and email status.

  • Catches and logs any errors during event processing, ensuring comprehensive error tracking.

This route is essential for handling secure post-payment actions, ensuring a seamless customer experience by automating the onboarding email workflow.

This documentation offers a clear summary of webhook.js and its integration with Stripe.