I want to test my application's handling of webhook events from Stripe when a subscription payment has been made (or failed). Here is what I've tried so far:
However, according to the documentation:
If you have configured webhooks, the invoice will wait until one hour after the last webhook is successfully sent (or the last webhook times out after failing).
One hour is a long time to wait, since I am trying to do this as part of an automated integration test suite.
One suggestion (from IRC) is to fake out the webhook request, so that my integration test sends the event, instead of Stripe sending it. However, since Stripe doesn't include any sort of HMAC in the webhooks, I can't trust the data in the payload. So, my application just takes the event ID from the webhook payload and fetches the event from the Stripe API:
If security is a concern, or if it's important to confirm that Stripe sent the webhook, you should only use the ID sent in your webhook and should request the remaining details from the API directly.
This will obviously not work if I am trying to inject fake events for my test (by design).
What are the best practices for testing this sort of scenario?
To test it, create a subscription in test mode. Then, log in to the portal as the test user and update the subscription. Check the Dashboard or API to see whether the subscription reflects the customer's change. Read the integration guide to learn how to set up the customer portal.
To begin, you'll need to log in to your Stripe account. Then click on Payments in the menu at the top of the screen. Next, near the top right corner of the screen, toggle on the Test Mode option. This will show you an overview of the test payments you've received in your Stripe account.
Open the form you want to run a Stripe payment check for and go to its Settings. Click Payment Options and check Stripe if it's not checked already. Then put the Checkout Mode to Testmode, click Update, and test away. Don't forget to switch to Production when you need to start accepting actual payments.
If a payment fails for a subscription invoice, your customers can use the Stripe-hosted page to: View the details and amounts for the failed invoice and the associated subscription. Add a new card payment method for their subscription for the payment that's due and for future subscription payments.
It seems there isn't a perfect way to do this. As suggested by @koopajah in a comment, I added a configuration value in my application that will disable fetching the event from Stripe, and instead just trust the event data in the webhook. This allows me to test my flow in almost the same way as it would work on production, since the event data in the webhook and the event fetched from Stripe are identical (assuming it is an authentic webhook request :)
Unless/until Stripe includes an HMAC signature in the webhook request to authenticate that it came from them, I think this is the best way to solve the problem.
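The configuration switch described in the answer above, sketched as an added example (not code from the original post). The names `make_event_resolver`, `trust_payload` and `fetch_event` are hypothetical, and the `sk_test_` key check and `livemode` check are extra guards assumed here so the switch cannot be turned on against live keys.

```python
import json

class WebhookConfigError(Exception):
    """Raised when payload trust is requested outside Stripe test mode."""

def make_event_resolver(api_key, trust_payload, fetch_event):
    """Build a function that maps a raw webhook body to the event to act on.

    fetch_event(event_id) stands in for the Stripe API lookup; it is injected
    here (an assumption) so the integration suite can run offline.
    """
    # Assumed guard: allow the switch only with a test-mode secret key.
    if trust_payload and not api_key.startswith("sk_test_"):
        raise WebhookConfigError("trust_payload requires a test-mode API key")

    def resolve(raw_body):
        try:
            payload = json.loads(raw_body)
        except ValueError:
            return None
        if not isinstance(payload, dict):
            return None
        event_id = payload.get("id")
        if not isinstance(event_id, str) or not event_id.startswith("evt_"):
            return None
        if not trust_payload:
            # Production path: only the ID is taken from the request.
            return fetch_event(event_id)
        # Test path: accept the injected event, but never one marked live.
        if payload.get("livemode") is not False:
            return None
        return payload

    return resolve

# Constructed sample data: the event as the API would return it, and a forged
# webhook body that reuses its ID with a different event type.
API_EVENTS = {"evt_constructed_1": {"id": "evt_constructed_1", "livemode": False,
                                    "type": "invoice.payment_failed"}}
FORGED_BODY = json.dumps({"id": "evt_constructed_1", "livemode": False,
                          "type": "invoice.payment_succeeded"})
```

With the switch off, the forged body resolves to the API's copy of the event; with it on, the injected body is used as-is, which is what the integration test needs.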