Stripe webhook handler with signature verify + idempotency

Production-ready Stripe webhook route that verifies the signature and processes events exactly once.

Prompt

You are a payments engineer. Write a Stripe webhook handler for [FRAMEWORK: Next.js route handler / Express].

Must:
- Read the raw request body (no JSON pre-parsing) and verify with `stripe.webhooks.constructEvent` using `STRIPE_WEBHOOK_SECRET`.
- Return 400 on missing/invalid signature.
- Handle `checkout.session.completed` and `invoice.paid`.
- Be idempotent: before acting, check whether `event.id` was already processed (store processed event ids); skip if seen.
- Wrap side effects in try/catch and return 500 only on real processing failures (so Stripe retries), 200 otherwise.
- Never trust client metadata for amounts — read from the Stripe object.

Return the full handler with typed metadata, plus the exact env vars required and a one-paragraph note on testing with the Stripe CLI.

Source: promptfork seed
License: CC-BY-4.0
Published: 6/23/2026

Report

Explore more

Next.js App Router Page Setup Tailwind Dashboard Components Supabase RLS Policies Cursorrules File Rulesets React Hook Refactoring SQL Query Optimization JWT Authentication Flows Prisma Schema Generation

More prompts you might like

Coding & DevelopmentSeed

Next.js 15 App Router page with streaming, caching, and server data

Scaffold a production App Router page: Server Component data fetching, Suspense streaming for instant TTFB, correct cache strategy (fetch cache vs unstable_cache vs revalidatePath), loading/error boundaries, and generateMetadata — with the non-obvious patterns most tutorials skip.

New

Coding & DevelopmentSeed

Tailwind analytics dashboard with animated stat cards, dark mode, and skeleton loading

Production-grade dashboard layout: KPI cards with counting animations and trend sparklines, a chart area, activity table — all with dark mode, skeleton loading states, and responsive breakpoints defined to the pixel.

New

Coding & DevelopmentSeed

Supabase RLS: owner-write, public-read policies for a table

Generate correct, non-recursive RLS policies so anyone reads published rows and only owners edit their own.

New

Coding & DevelopmentSeed

.cursorrules for a strict TypeScript + React codebase

A tuned .cursorrules file that keeps Cursor's agent on-convention: strict types, no dead code, match existing patterns.

New

Coding & DevelopmentSeed

Refactor a React component into clean custom hooks

Extract stateful logic from a bloated component into typed, testable custom hooks.

New

Coding & DevelopmentSeed

Diagnose and fix a slow SQL query using EXPLAIN ANALYZE like a DBA

Paste a slow query and get a root-cause diagnosis, targeted index/rewrite fixes, and a before/after query plan — with specific pattern detection for N+1s, implicit casts, and composite index gaps.

New