Stripe doesn't allow developers to configure extra Header parameters. This makes impossible to receive calls from Stripe.
Is there a way to configure the Webhook trigger without the Api Key?
With no API key, how would you protect your endpoint from abuse?
I understand that. But this is how Stripe works, they don't have the ability to set custom headers.
They do provide a secure key that they pass from their side that can be used to secure the connection.
That's why the question.
1 Like
Hmmm, this is interesting. I just created a Stripe account the other day, as I was going to explore it's possibilities.
I am going to follow this thread and see what others suggest.
1 Like
Hey @fmartins! Thanks for reaching out.
It's not uncommon for third-party integrations to have certain restrictions, such as disallowing custom headers, but you can alternatively authenticate the call with a workflowApiKey query parameter.
Otherwise, the only way to trigger a workflow via webhook without an API key is to make the endpoint public.
This isn't a big deal if you are able to verify the alternate security method in the first block, but keep in mind the fact that workflows are billed by total runs.
1 Like
Thanks for the reply, yes this will solve the problem.
1 Like
To anybody watching this topic, I just updated the post marked as "Solution" with some updated information. Shoutout to @meyerovb for reminding me of this alternative authentication method!
1 Like