Stripe webhook
POST /io/wallet/webhook — Stripe webhook that credits the wallet on a completed top-up payment. Idempotent.
The endpoint Stripe calls to confirm top-up payments. On a checkout.session.completed event for a wallet top-up, the wallet grants credits to the user. You do not call this endpoint yourself — Stripe does.
POST https://api.misar.io/io/wallet/webhook
Authentication
Authenticated by the Stripe webhook signature (Stripe-Signature header), verified against the endpoint's signing secret. There is no Misar API key on this route. Requests with a missing or invalid signature are rejected with 400.
Behavior
Verify the signature
The raw request body is verified against the Stripe signing secret. Invalid signatures are rejected.
Match the event
Only checkout.session.completed events whose session metadata type is wallet_topup grant credits. All other event types are acknowledged and ignored.
Grant credits
Credits granted = floor(amount_total / 100). Stripe reports amount_total in cents, so $25.00 → 2500 cents → 25 credits (1 credit = $1).
Acknowledge
The wallet returns 200 so Stripe marks the event delivered.
Idempotency
Safe to redeliver
The webhook is idempotent. Stripe may deliver the same event more than once; the wallet keys the credit grant on the Stripe session id, so a given top-up is credited exactly once no matter how many times the event arrives. Redelivering a processed event is a no-op.
Credit conversion
Stripe amount_total (cents) | Dollars | Credits granted |
|---|---|---|
1000 | $10 | 10 |
2500 | $25 | 25 |
100000 | $1,000 | 1000 |
Credits = floor(amount_total / 100).
Configuration
Point a Stripe webhook endpoint at https://api.misar.io/io/wallet/webhook and subscribe to checkout.session.completed. Set the endpoint's signing secret in the wallet service's environment so signature verification succeeds.