Does this skill support both Stripe and PayPal?

Yes, it includes specific verification algorithms and implementation patterns tailored for Stripe, PayPal, and other common payment providers.

How does it protect against replay attacks?

It implements a strict 5-minute timestamp tolerance window and unique event ID tracking to ensure captured events cannot be resubmitted.

How does the skill handle duplicate events?

The skill includes idempotency templates that check your database for processed event IDs before executing logic, making it safe to receive the same webhook multiple times.

Does it help with PCI compliance?

Yes, implementing cryptographic signature verification and secure secret management are key requirements for maintaining PCI-compliant payment integrations.

Can I use this for local development?

Absolutely. It provides automated scripts to forward webhooks to your local environment using tools like Stripe CLI and ngrok for end-to-end testing.

Webhook Security for Payments

Name: Webhook Security for Payments
Author: vanman2024

byvanman2024

0•

E-commerce Solutions

Implements robust webhook validation patterns and signature verification to secure payment integrations against spoofing and replay attacks.

This skill provides a comprehensive framework for securing webhook endpoints within payment ecosystems like Stripe, PayPal, and Square. It empowers developers to implement cryptographic signature verification, prevent replay attacks through timestamp validation, and establish rigorous event logging for auditing and dispute resolution. By providing standardized scripts for local testing and secret management, this skill ensures that your payment integrations are production-ready, PCI-compliant, and resilient against unauthorized event injection.

Key Features

01Cryptographic signature verification for major payment providers

02Local webhook testing workflows using CLI and tunneling tools

03Structured event logging and auditing for transaction histories

04Secure environment-based management for webhook signing secrets

05Replay attack prevention via timestamp and event ID tracking

060 GitHub stars

Use Cases

01Auditing and debugging failed payment webhooks in production environments

02Preventing double-processing of payment events using idempotency keys

03Securing Stripe subscription lifecycle events and invoice payments

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add vanman2024/ai-dev-marketplace webhook-security

For use in Claude.ai and ChatGPT

Download Skill