如何使Stripe的WebhookEndpoint.create()线程安全

huangapple go评论83阅读模式
英文:

How to make Stripe's WebhookEndpoint.create() thread safe

问题

Stripe的示例说明如何创建Webhook是不安全的,它使用静态变量来保存apiKey。是否有人知道如何通过builder()方法将密钥传递给Stripe?他们的RequestOptionsBuilder类具有setApiKey()方法,但我在Webhook方面找不到类似的内容。

使用API添加端点

// 在此处查看您的密钥:https://dashboard.stripe.com/account/apikeys
Stripe.apiKey = "sk_test_4eC39HqLyjWDarjtT1zdp7dc";

WebhookEndpointCreateParams params =
  WebhookEndpointCreateParams.builder()
    .setUrl("https://example.com/my/webhook/endpoint")
    .addAllEnabledEvent(Arrays.asList(
      WebhookEndpointCreateParams.EnabledEvent.CHARGE__FAILED,
      WebhookEndpointCreateParams.EnabledEvent.CHARGE__SUCCEEDED))
    .build();

WebhookEndpoint endpoint = WebhookEndpoint.create(params);
英文:

Stripe's example on how to create a webhook is not safe, it uses a static variable to hold the apiKey. Does anyone know how to pass the key to Stripe via the builder() method? Their RequestOptionsBuilder class has the method setApiKey() and I couldn't find anything similar for webhooks.

Add endpoints with the API

// See your keys here: https://dashboard.stripe.com/account/apikeys
Stripe.apiKey = "sk_test_4eC39HqLyjWDarjtT1zdp7dc";

WebhookEndpointCreateParams params =
  WebhookEndpointCreateParams.builder()
    .setUrl("https://example.com/my/webhook/endpoint")
    .addAllEnabledEvent(Arrays.asList(
      WebhookEndpointCreateParams.EnabledEvent.CHARGE__FAILED,
      WebhookEndpointCreateParams.EnabledEvent.CHARGE__SUCCEEDED))
    .build();

WebhookEndpoint endpoint = WebhookEndpoint.create(params);

答案1

得分: 0

通过 builder() 方法无法传递您的秘密密钥。Stripe 文档仅以明文形式显示测试 API 密钥,以便更轻松地测试示例。这使得 Stripe 在文档中的所有示例中都可以动态显示您的测试密钥,只要您在 Stripe 仪表板中登录即可。Stripe 的完整集成示例都依赖于环境变量来设置 API 密钥;这是处理此类凭据的正确方法。以下是一个您可以参考的示例:

https://github.com/stripe-samples/checkout-one-time-payments/blob/master/client-and-server/server/java/src/main/java/com/stripe/sample/Server.java#L43-L45

英文:

There is no way to pass your secret key via the builder() method. The Stripe docs only display the test api key in plain text to make it easier to test out the examples. This allows Stripe to dynamically display your test key in all examples across the docs when you're logged-in to the Stripe dashboard. Stripe's complete integration samples all rely on environment variables to set the API key; which is the correct approach for handling these types of credentials server-side. Here's an example that you can reference:

https://github.com/stripe-samples/checkout-one-time-payments/blob/master/client-and-server/server/java/src/main/java/com/stripe/sample/Server.java#L43-L45

答案2

得分: 0

有一个重载方法WebhookEndpoint.create(PaymentIntentCreateParams createParams, RequestOptions requestOptions)。 RequestOptions构建器允许您设置各种每个请求的值,包括私钥。我将其发布为答案,因为在搜索Stripe网站几周后,需要与Stripe支持进行多次电子邮件交流,他们才建议使用这种方式;因此,即使在Stripe内部,这也不是常见的知识。

英文:

Per-request Configuration

There is an overloaded method WebhookEndpoint.create(PaymentIntentCreateParams createParams, RequestOptions requestOptions).
The RequestOptions builder allows you to set various per-request values, including the private key.
I'm posting this as an answer because after weeks searching the Stripe website, it took several emails with Stripe support before they suggested this; so it's not common knowledge even at Stripe.

huangapple
  • 本文由 发表于 2020年9月12日 03:03:29
  • 转载请务必保留本文链接:https://go.coder-hub.com/63852896.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定