When accepting payments on a Ruby on Rails app, if you want to be aware of every actions that happen on stripe, you will have to implement the stripe webhooks.
I found a nice way to handle them, which I'm going to share in this article.
I strongly discourage you to implement them on your own by adding a simple POST route to /webhooks, because:
- You need to check stripe's signature before accepting them (someone may be trying to impersonate Stripe!)
- There are gems available to simplify this task
In this tutorial, we're going to use a gem called stripe_event
The first step is to add the gem in your Gemfile. If you're new to ruby, the file is located at the root of your app.
Then, in your routes.rb file, located in /config, add the following line:
mount StripeEvent::Engine, at: '/stripe-webhooks' #you can change this url
This will create a POST route to handle all the webhooks. We're going to implement that in a few moments, after we setup everything in the stripe dashboard
First, if you want to try the webhooks on your development environment, you will need to use a tool like ngrok.
Then, in your Stripe dashboard, navigate to Developers -> Webhooks or click on this link.
Finally, switch to "test data" and add a new endpoint. In "URL to be called", add your ngrok URL followed by the route name you chose earlier.
We will now add the stripe credentials to the (relatively) new rails encrypted credentials
To edit the credentials, type the following command:
EDITOR=nano rails credentials:edit
and write the following lines:
stripe: development: publishable_key: 'pk_test_' secret_key: 'sk_test_' signing_secret: 'whsec_' production: publishable_key: 'pk_live_' secret_key: 'sk_live_' signing_secret: 'whsec_'
publishable_key and secret_key are your stripe keys, you can find them in your account settings, signing_secret is the secret we generated earlier.
Create a file called "stripe_events.rb" in config/initializers and paste the following code
Stripe.api_key = Rails.application.credentials.stripe[Rails.env.to_sym][:publishable_key] StripeEvent.signing_secret = Rails.application.credentials.stripe[Rails.env.to_sym][:signing_secret] StripeEvent.configure do |events| events.subscribe 'invoice.', Stripe::InvoiceEventHandler.new end
The first two lines are setting the correct tokens, depending on your current environment (development or production)
In the last three lines, we are telling stripe_event to subscribe to all the events starting with 'invoice.' and redirect them to a class called "InvoiceEventHandler"
The next step is to implement this class.
In your app folder, create a new folder called "services" and add a folder called "stripe" in it.
Then, add a file called invoice_event_handler.rb in the stripe folder we just created.
module Stripe class InvoiceEventHandler def call(event) begin method = "handle_" + event.type.tr('.', '_') self.send method, event rescue JSON::ParserError => e # handle the json parsing error here raise # re-raise the exception to return a 500 error to stripe rescue NoMethodError => e #code to run when handling an unknown event end end def handle_invoice_payment_failed(event) end def handle_invoice_payment_succeeded(event) end end end
Here, I implemented two events: invoice.payment.failed and invoice.payment.succeeded. Using 'send', I'm forwarding the event to the correct method. (Credit: @aradilopez)
In my various projects, I'm redirecting all the useful notifications to a slack channel, so I'm always aware of what's happening.