@golevelup/nestjs-stripe
Advanced tools
Interacting with the Stripe API or consuming Stripe webhooks in your NestJS applications is now easy as pie 🥧
💉 Injectable Stripe client for interacting with the Stripe API in Controllers and Providers
🎉 Optionally exposes an API endpoint from your NestJS application at to be used for webhook event processing from Stripe. Defaults to /stripe/webhook but can be easily configured
🔒 Automatically validates that the event payload was actually sent from Stripe using the configured webhook signing secret
🕵️ Discovers providers from your application decorated with StripeWebhookHandler and routes incoming events to them
🧭 Route events to logical services easily simply by providing the Stripe webhook event type
Install the package along with the stripe peer dependency
npm install --save @golevelup/nestjs-stripe stripe
Install the package using yarn with the stripe peer dependency
yarn add @golevelup/nestjs-stripe stripe
Import and add StripeModule to the imports section of the consuming module (most likely AppModule). Your Stripe API key is required, and you can optionally include a webhook configuration if you plan on consuming Stripe webhook events inside your app.
Stripe secrets you can get from your Dashboard’s Webhooks settings. Select an endpoint that you want to obtain the secret for, then click the Reveal link below "Signing secret".
account - The webhook secret registered in the Stripe Dashboard for events on your accounts
account_test - The webhook secret registered in the Stripe Dashboard for events on your accounts in test mode
connect - The webhook secret registered in the Stripe Dashboard for events on Connected accounts
connect_test - The webhook secret registered in the Stripe Dashboard for events on Connected accounts in test mode
import { StripeModule } from '@golevelup/nestjs-stripe';
@Module({
imports: [
StripeModule.forRoot(StripeModule, {
apiKey: 'sk_***',
webhookConfig: {
stripeSecrets: {
account: 'whsec_***',
accountTest: 'whsec_***',
connect: 'whsec_***',
connectTest: 'whsec_***',
},
},
}),
],
})
export class AppModule {
// ...
}
The Stripe Module supports both the forRoot and forRootAsync patterns for configuration, so you can easily retrieve the necessary config values from a ConfigService or other provider.
The module exposes two injectable providers with accompanying decorators for your convenience. These can be provided to the constructors of controllers and other providers:
// injects the instantiated Stripe client which can be used to make API calls
@InjectStripeClient() stripeClient: Stripe
// injects the module configuration
@InjectStripeModuleConfig() config: StripeModuleConfig
This module will automatically add a new API endpoint to your NestJS application for processing webhooks. By default, the route for this endpoint will be stripe/webhook but you can modify this to use a different prefix using the controllerPrefix property of the webhookConfig when importing the module.
If you would like your NestJS application to be able to process incoming webhooks, it is essential that Stripe has access to the raw request payload.
By default, NestJS is configured to use JSON body parsing middleware which will transform the request before it can be validated by the Stripe library.
You can choose to pass the raw request body into the context of each Request, which will not cause side effects to any of your existing project's architectural design and other APIs.
// main.ts
const app = await NestFactory.create<NestExpressApplication>(AppModule, {
rawBody: true,
});
You can then manually set up bodyProperty to use rawBody:
StripeModule.forRoot(StripeModule, {
apiKey: 'sk_***',
webhookConfig: {
stripeSecrets: { ... },
requestBodyProperty: 'rawBody', // <-- Set to 'rawBody'
},
});
Exposing provider/service methods to be used for processing Stripe events is easy! Simply use the provided decorator and indicate the event type that the handler should receive.
Review the Stripe documentation for more information about the types of events available.
@Injectable()
class PaymentCreatedService {
@StripeWebhookHandler('payment_intent.created')
handlePaymentIntentCreated(evt: Stripe.PaymentIntentPaymentCreatedEvent) {
// execute your custom business logic
}
}
You can also pass any class decorator to the decorators property of the webhookConfig object as a part of the module configuration. This could be used in situations like when using the @nestjs/throttler package and needing to apply the @SkipThrottle() decorator, or when you have a global guard but need to skip routes with certain metadata.
StripeModule.forRoot(StripeModule, {
apiKey: 'sk_***',
webhookConfig: {
stripeSecrets: { ... },
decorators: [SkipThrottle()],
},
}),
This library is built using an underlying NestJS concept called External Contexts which allows for methods to be included in the NestJS lifecycle. This means that Guards, Interceptors and Filters (collectively known as "enhancers") can be used in conjunction with Stripe webhook handlers. However, this can have unwanted/unintended consequences if you are using Global enhancers in your application as these will also apply to all Stripe webhook handlers. If you were previously expecting all contexts to be regular HTTP contexts, you may need to add conditional logic to prevent your enhancers from applying to Stripe webhook handlers.
You can identify Stripe webhook contexts by their context type, 'stripe_webhook':
@Injectable()
class ExampleInterceptor implements NestInterceptor {
intercept(context: ExecutionContext, next: CallHandler<any>) {
const contextType = context.getType<'http' | 'stripe_webhook'>();
// Do nothing if this is a Stripe webhook event
if (contextType === 'stripe_webhook') {
return next.handle();
}
// Execute custom interceptor logic for HTTP request/response
return next.handle();
}
}
Follow the instructions from the Stripe Documentation for remaining integration steps such as testing your integration with the CLI before you go live and properly configuring the endpoint from the Stripe dashboard so that the correct events are sent to your NestJS app.
Contributions welcome! Read the contribution guidelines first.
FAQs
Badass utilities for integrating stripe and NestJS
The npm package @golevelup/nestjs-stripe receives a total of 0 weekly downloads. As such, @golevelup/nestjs-stripe popularity was classified as not popular.
We found that @golevelup/nestjs-stripe demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.