It’s crazy to me that this hasn’t been implemented yet, given the number of people using Stripe with bubble… Heck, the official documentation doesn’t even mention securing webhooks at all…
Digging through older threads, it seems the one limiting factor is simply having access to the raw request body. @eve is there any way that the team can either:
a) Provide access to an API request’s entire body (perhaps as a “stringified” object) from within an API workflow
b) Update the stripe plugin to verify signature requests (if possible, since I’m not sure if bubble-built plugins have the same limitations)