Stripe Webhooks: How to configure


Hey guys,

I am implementing Stripe Checkout on my app and need to configure a webhook for an event. However, after following all documentation and forum posts I could find, I still couldn’t get anywhere.

Can someone please give me a short explanation on how to get this done?

What I have done so far:

  • Declared a server-side route (my endpoint) using meteorhacks:picker and parsed incoming data with body-parser
  • Created a test webhook on the Stripe dashboard
  • Downloaded and configured ngrok to test webhooks on localhost
  • Read the MeteorChef tutorials (not working, probably too old)

What I would like to learn:

  • How to get the data from the endpoint route and do something with it?
  • Stripe mentions the need to “verify the webhook signature” using their official libraries. How do I do this on Meteor?

If you have some boilerplate code I could simply adapt, it would be awesome…

Thanks a lot!


Ours looks like this:

import stripe from "stripe";

const bound = Meteor.bindEnvironment(callback => callback());

WebApp.rawConnectHandlers.use("/payment", (req, res, next) => {
  const sig = req.headers["stripe-signature"];
  const endpointSecret = Meteor.settings.STRIPE_WEBHOOK_SK;
  const stripeObj = stripe(Meteor.settings.STRIPE_SK);
  if (req.method === "POST") {
    let body = "";
    req.on("data", data => bound(() => {
      body += data;
    req.on("end", () => bound(() => {
      try {
        const eventObj = stripeObj.webhooks.constructEvent(body, sig, endpointSecret);
        const eventData =;
        const result = invokeStripeEvent(eventObj, eventData.object);
      catch (error) {
        console.warn("[Payment Gateway Exception]: ", error);
        if (error.type && error.type === "StripeSignatureVerificationError") {
          res.end("We caught you -_-");
        else {
          res.end(JSON.stringify(error, Object.getOwnPropertyNames(error)));
  else {


I also like to verify the origin ip against so that you can halt the request more quickly if you know it’s bad data.