Skip to main content

Overview

The HTTP Endpoints provide essential web services including Stripe webhook processing for automatic order creation, health monitoring, and configuration retrieval for client applications. Location: convex/http.ts

Stripe Webhook

Handles Stripe webhook events for automatic payment processing and order creation.
endpoint
string
POST /stripe/webhook
stripe-signature
string
required
Stripe webhook signature header for verification

Supported Events

Payment Succeeded

Event: payment_intent.succeeded
Action: Creates order from cart items

Payment Failed

Event: payment_intent.payment_failed
Action: Logs failure and notifies customer

Payment Canceled

Event: payment_intent.canceled
Action: Cleans up resources and preserves cart

Webhook Processing Flow

1

Signature Verification

Validates Stripe webhook signature for security
2

Event Parsing

Extracts payment data and metadata from webhook payload
3

Order Processing

Creates orders for successful payments or handles failures
4

Cart Cleanup

Removes items from customer cart after successful order creation
5

Notifications

Sends confirmation notifications to customers and stores

Health Check

Simple health check endpoint for monitoring and uptime verification.
endpoint
string
GET /health

Stripe Configuration

Retrieve Stripe publishable key for client-side integration.
endpoint
string
GET /stripe/config

Webhook Security

All webhooks are verified using Stripe’s signature verification:
Webhook events are processed idempotently to handle retries:
Robust error handling for webhook processing:

Webhook Testing

Monitoring & Observability

Health Monitoring

Use the /health endpoint for uptime monitoring and load balancer health checks

Webhook Logs

Monitor webhook processing in Convex logs for debugging payment issues

Error Tracking

Failed webhooks are logged with full context for troubleshooting

Performance Metrics

Track webhook processing times and success rates

CORS Configuration

The endpoints include proper CORS headers for web applications:

Error Responses

Status Code: 400
Status Code: 200 (Success, but ignored)
Status Code: 500
Status Code: 503
Webhook endpoints are automatically secured and include signature verification. Failed webhook processing triggers Stripe’s automatic retry mechanism.
Use the Stripe CLI during development to test webhook integration locally. Always verify webhook signatures in production for security.