Update Parse.com User from Stripe Webhook

Question

Firstly I see there are several Parse / Stripe questions on here however none are of any help to me.

I have a mobile application that has both free and paid features

Answer 1

Mostly I think your solution will work.

I think using the javascript key could pose a security risk if you are not validating events that come from stripe.

Your javascript keys will be present in your web site. Someone could get it and call your cloud code function. I'd use the master key so you know its only from sources you trust. They might be able change important billing information.

In your cloud function definition you can check if the master key was used.

Parse.Cloud.define('stripeEvents', function (request, response) {
if (request.master){
    return response.success('stripeEvents - master');
}
response.error('stripeEvents - must use master key');});

Answer 2

Ok after some experimenting:

1. create a webhook on in the Stripe Accounts area using the URL: https://**APPLICATION_ID**:javascript-key=**JAVASCRIPT_KEY**@api.parse.com/1/functions/update_user

2. In your cloud code use the same function name as the final part of your URL. in my case update_user.

3. Create a test version of the webhook and place this in your cloud code for testing :

Parse.Cloud.define("update_user", function(request, response) { response.success('** WEBHOOK WORKING **' + request); });

When running the test in the stripe dashboard you should see:

Hope that this helps someone - Would be grateful of any input anyone has as to my implementation or a slick function to run on my User class update.