Skip to main content

Webhooks

All payment provider webhooks are handled by a single route:
  • POST /api/webhooks/payments
The handler verifies the signature for the active provider and uses the adapter to process the event and update the database.

Configure your provider

  • Stripe uses the stripe-signature header
  • Polar uses the polar-webhook-signature header
  • Lemon Squeezy uses the x-signature header
  • Creem uses the creem-signature header (HMAC-SHA256 of the raw body with CREEM_WEBHOOK_SECRET)

Local development

When testing locally, point the provider webhook to your local dev URL using a tunneling tool and ensure the correct webhook secret is set.
The webhook handler updates customer, subscription, and payment tables based on the adapter result.