September 29, 2023 Testing Stripe Webhooks with Minitest

As I was looking to sure up some billing code in one of my projects, I figured it was finally time that I created some tests for the various Stripe webhooks that we used.

I was a bit dishearted that the only webhook testing examples I could find online pertained to RSpec, so with that I rolled up my sleaves and dug into the internals of both the stripe_event gem as well as Stripe’s offical gem.

After a few rounds of trial and error I was able to discern how Stripe generates the signature for webhooks and how I could mimic it to test my endpoint. You can see that below in the webhook_header method.

You’ll also need to grab sample payloads for each of the webhook events you’d like to test and save them as a JSON file in test/fixtures/stripe/#{event}.json, as seen in the webhook_payload method.

If you aren’t sure where to grab sample payloads from, the Stripe CLI has a trigger command that can make gathering them much easier.

The only other varaible you may have is the path to your webhook endpoint, which in my case is stripe_event_path, as seen in the deliver_payload method.

Take all of that and you get the following test case can be used as a base class for any tests you may need to write:

# test/stripe_test_case.rb
require "test_helper"

class StripeWebhookTestCase < ActionDispatch::IntegrationTest

  def deliver_payload(event:)
    params, headers = webhook_setup(event)

    post stripe_event_path, params:, headers:

  def webhook_setup(event)
    payload = webhook_payload(event)
    [payload, webhook_header(payload:)]

  def webhook_payload(event)"test", "fixtures", "stripe", "#{event}.json"))

  def webhook_header(payload:)
    time =
    signature = Stripe::Webhook::Signature.compute_signature(time, payload, SIGNING_SECRET)
    header = Stripe::Webhook::Signature.generate_header(time, signature)

    {"Stripe-Signature": header}

Once you have this test case, here’s an example test that could be used:

# test/webhooks/stripe/general_webhook_test.rb
require "stripe_webhook_test_case"

class Stripe::GeneralWebhookTest < StripeWebhookTestCase
  test "webhook endpoint returns proper status code" do
    deliver_payload(event: "charge.succeeded")

    assert_response :ok

  test "webhook endpoint returns proper status code when no headers are provided" do
    post stripe_event_path, params: webhook_payload("charge.succeeded")

    assert_response :bad_request

  test "webhook endpoint returns proper status code when improper headers are provided" do
    post stripe_event_path, params: webhook_payload("charge.succeeded"),
      headers: {"Stripe-Signature": "#{},v1=badsignature"}

    assert_response :bad_request

In this project I also happen to be using the stripe_event gem, so a good deal of the actual route/endpoint logic is abstracted from my app. I’m currently considering rolling my own completely and removing this gem as a dependancy, as I’ve done in another project already, but that’s a topic for another post. The Stripe docs also have a really good example one could use as a starting point.