
Webhooks and Stripe

Using Intello: manage plans and payment methods under Settings → Billing in the app. You don’t configure Stripe webhooks as a customer.

This page is for security and operations staff: how Intello’s backend talks to Stripe, including the inbound webhook Stripe calls.

Billing in the app vs API

The billing screens in the product use JSON routes such as subscription, usage, plans, checkout, and customer portal. Those are normal app requests—not something you wire up manually unless you automate billing; see Plans and usage and Core resources.

Stripe webhook endpoint

POST /webhooks/stripe
Stripe-Signature: t=…,v1=…

Characteristics:

  • No JWT — authentication is Stripe’s signed payload (Stripe-Signature HMAC).
  • Rate limited independently from /api/* (webhook-specific bucket).
  • Idempotent processing — duplicate events should not double-charge or corrupt state.

Operational checklist

  1. Configure the exact public URL in the Stripe dashboard (no unauthenticated redirects).
  2. Store the webhook signing secret server-side (STRIPE_WEBHOOK_SECRET or deployment equivalent).
  3. Fail closed on signature mismatch (400).
  4. Return 200 quickly after enqueueing work; defer heavy processing to background workers if processing time risks Stripe retries.

Never log raw card data

Payment method details flow through Stripe Elements / Checkout—your Intello backend should only see Stripe object ids, not PANs.

Internal platform callbacks

Spec-engine and worker infrastructure may call /internal/* routes with X-Internal-Api-Key. These endpoints are not customer-accessible and must sit behind network policies blocking public ingress.
