Overview
The HTTP Endpoints provide essential web services including Stripe webhook processing for automatic order creation, health monitoring, and configuration retrieval for client applications. Location:convex/http.ts
Stripe Webhook
Handles Stripe webhook events for automatic payment processing and order creation.POST /stripe/webhookStripe webhook signature header for verification
Supported Events
Payment Succeeded
Event:
Action: Creates order from cart items
payment_intent.succeededAction: Creates order from cart items
Payment Failed
Event:
Action: Logs failure and notifies customer
payment_intent.payment_failedAction: Logs failure and notifies customer
Payment Canceled
Event:
Action: Cleans up resources and preserves cart
payment_intent.canceledAction: Cleans up resources and preserves cart
Webhook Processing Flow
1
Signature Verification
Validates Stripe webhook signature for security
2
Event Parsing
Extracts payment data and metadata from webhook payload
3
Order Processing
Creates orders for successful payments or handles failures
4
Cart Cleanup
Removes items from customer cart after successful order creation
5
Notifications
Sends confirmation notifications to customers and stores
Health Check
Simple health check endpoint for monitoring and uptime verification.GET /healthStripe Configuration
Retrieve Stripe publishable key for client-side integration.GET /stripe/configWebhook Security
Signature Verification
Signature Verification
All webhooks are verified using Stripe’s signature verification:
Idempotency
Idempotency
Webhook events are processed idempotently to handle retries:
Error Handling
Error Handling
Robust error handling for webhook processing:
Webhook Testing
Monitoring & Observability
Health Monitoring
Use the
/health endpoint for uptime monitoring and load balancer health checksWebhook Logs
Monitor webhook processing in Convex logs for debugging payment issues
Error Tracking
Failed webhooks are logged with full context for troubleshooting
Performance Metrics
Track webhook processing times and success rates
CORS Configuration
The endpoints include proper CORS headers for web applications:Error Responses
Invalid webhook signature
Invalid webhook signature
Status Code:
400Unsupported webhook event
Unsupported webhook event
Status Code:
200 (Success, but ignored)Webhook processing failed
Webhook processing failed
Status Code:
500Webhook endpoints are automatically secured and include signature verification. Failed webhook processing triggers Stripe’s automatic retry mechanism.
