TrustSecurityOperations
Payment Webhook Security
Define the minimum security posture before payment webhooks can affect entitlements.
Purpose
Define the minimum security posture before payment webhooks can affect entitlements.
Rules
- Verify webhook signatures.
- Keep test and live secrets separate.
- Never trust client-side checkout completion alone.
- Write entitlement changes through an auditable server-side path.
- Log webhook event ID, type, result, and related account/customer ID.
- Treat failed, duplicate, or out-of-order webhooks as expected cases.
- Do not enable live billing before legal/tax review and support readiness.
Future Checks
- Replay protection.
- Idempotent entitlement update.
- Alerting for repeated failures.
- Manual admin review queue for suspicious events.