Verification of Stripe webhook signatures

Version on this page:
LTS Haskell 19.25:
Stackage Nightly 2022-09-24:
Latest on Hackage:

See all snapshots stripe-signature appears in

MIT licensed by Chris Martin
Maintained by Chris Martin, Julie Moronuki
This version can be pinned in stack with:stripe-signature-,1498

Module documentation for

When Stripe sends an event to your webhook, it includes an HTTP header named Stripe-Signature. You should use this to verify the authenticity of the request to ensure that you are not acting upon forged events originating from some source other than Stripe.


Changelog - 2018-12-20

  • Initial release - 2019-05-18

  • Replace hex-text package dependency with slightly smaller base16-bytestring dependency - 2020-04-18

Tightened dependency version bounds - 2020-05-20

Support GHC 8.10 - 2020-09-02

Support cryptonite 0.27