Purpose
Document the order of operations when PayPress receives a Stripe webhook.
Overview
Webhook processing converts Stripe events into local order, subscription, refund, invoice, receipt, and diagnostic updates.
How It Works
PayPress reads the raw request, verifies the Stripe signature, decodes the event, logs receipt, resolves ownership, checks idempotency, dispatches the event, persists local changes, and records processed status.
Important Components
- Webhook endpoint.
- Stripe signature header.
- Webhook signing secret.
- Event parser.
- Webhook log table.
- Ownership resolver.
- Processed events table.
- Event handlers.
- Order/subscription repositories.
Data Flow
Request -> signature verification -> event decode -> received log -> ownership validation -> idempotency check -> event handler -> local persistence -> processed log.
Security Considerations
No event data should be trusted before signature verification. No merchant-facing records should be written before ownership validation.
Known Limitations
Webhook delivery is asynchronous. Customer-facing pages may temporarily show that order details are still being finalized while webhook processing completes.