Botpaid

Botpaid webhooks

Botpaid currently exposes Stripe webhook handling for billing events.

Webhook processing is part of the hosted billing flow. It is primarily relevant to payment reconciliation, refunds, and operational support rather than direct end-user integration today.

Endpoint

The production webhook endpoint is https://app.botpaid.com/api/webhook. It expects Stripe-signed POST requests and verifies the Stripe signature before processing any event.

Security

  • Stripe signatures are verified before the payload is accepted.
  • Webhook events are processed idempotently to avoid duplicate balance mutations.
  • Signing secrets are stored in Cloudflare secrets rather than in source control.

Local testing

stripe listen --forward-to https://app.botpaid.com/api/webhook

For local development, forward to your Wrangler dev URL and update the local Stripe webhook secret accordingly.