stripe-signature

Verification of Stripe webhook signatures

Version on this page:	1.0.0.14
LTS Haskell 22.17:	1.0.0.16
Stackage Nightly 2023-12-26:	1.0.0.16
Latest on Hackage:	1.0.0.16

See all snapshots stripe-signature appears in

MIT licensed by Chris Martin

Maintained by Chris Martin, Julie Moronuki

This version can be pinned in stack with:stripe-signature-1.0.0.14@sha256:b201a5777df544aeac2bfaaea42f32d1aade498aed066a1f5cc5a959f929cd61,1624

Module documentation for 1.0.0.14

Stripe
- Stripe.Signature

Depends on 6 packages(full list with versions):

base, base16-bytestring, bytestring, cryptohash-sha256, stripe-concepts, text

Used by 1 package in nightly-2022-01-13(full list with versions):

stripe-scotty

When Stripe sends an event to your webhook, it includes an HTTP header named Stripe-Signature. You should use this to verify the authenticity of the request to ensure that you are not acting upon forged events originating from some source other than Stripe.

Changes

Changelog

1.0.0.0 - 2018-12-20

Initial release

1.0.0.1 - 2019-05-18

Replace hex-text package dependency with slightly smaller base16-bytestring dependency

1.0.0.2 - 2020-04-18

Tightened dependency version bounds

1.0.0.4 - 2020-05-20

Support GHC 8.10

1.0.0.6 - 2020-09-02

Support cryptonite 0.27

1.0.0.8 - 2021-03-08

Support cryptonite 0.28

1.0.0.10 - 2021-06-05

Support GHC 9.0, cryptonite 0.29, bytestring 0.11, memory 0.16

Switch base16-bytestring version from 0.1 to 1.0

1.0.0.12 - 2022-01-08

Drop cryptonite and memory dependencies; HMAC is now done using the cryptohash-sha256 package instead

Add some tests for the isSigValid function

1.0.0.14 - 2022-01-09

Support GHC 9.2