Webhooks
Elate HRMS uses Stripe webhooks to keep subscription data synchronized.
Stripe Webhook
POST /api/billing/webhook
This endpoint receives webhook events from Stripe. It is not authenticated via NextAuth — instead, it validates the Stripe webhook signature.
Handled Events
| Event | Action |
|---|---|
| checkout.session.completed | Provisions new subscription and tenant database |
| customer.subscription.updated | Updates plan, modules, and limits |
| customer.subscription.deleted | Marks subscription as canceled |
| invoice.payment_succeeded | Updates payment status |
| invoice.payment_failed | Marks subscription as past due |
What Happens on Subscription Change
When a subscription is created or updated, the webhook:
- Reads plan metadata from the Stripe Price object
- Updates the `subscriptions` table in the central database:
  - Plan name
  - Status (active, canceled, past_due, etc.)
  - Employee limit
  - ESS user limit
  - Active modules (from Price metadata)
  - Billing period dates
- For new subscriptions: provisions a new tenant database
Webhook Security
- Stripe signature verification using `STRIPE_WEBHOOK_SECRET`
- Rejects requests with invalid or missing signatures
- Idempotent handling of duplicate events
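The checks listed above, as an added example that is not Elate HRMS's own code: it verifies Stripe's `Stripe-Signature` header (`t=` timestamp plus `v1=` HMAC-SHA256 over `timestamp.rawBody`) and ignores repeated event ids. The function names, the 300-second tolerance, the in-memory `seen` set and the sample values are assumptions made for illustration.

```javascript
// Added example: manual check of Stripe's v1 webhook signature scheme.
const { createHmac, timingSafeEqual } = require("node:crypto");

const TOLERANCE_SECONDS = 300; // assumed replay window, not from the page

// True only if a v1 value equals HMAC-SHA256(secret, "<t>.<rawBody>")
// and the signed timestamp is within the tolerance of nowSeconds.
function verifyStripeSignature(rawBody, header, secret, nowSeconds) {
  if (typeof header !== "string" || header.length === 0) return false;
  let timestamp = "";
  const candidates = [];
  for (const part of header.split(",")) {
    const idx = part.indexOf("=");
    if (idx < 0) continue;
    const key = part.slice(0, idx).trim();
    const value = part.slice(idx + 1).trim();
    if (key === "t") timestamp = value;
    else if (key === "v1") candidates.push(value);
  }
  if (!/^\d+$/.test(timestamp) || candidates.length === 0) return false;
  if (Math.abs(nowSeconds - Number(timestamp)) > TOLERANCE_SECONDS) return false;
  const expected = createHmac("sha256", secret)
    .update(`${timestamp}.${rawBody}`, "utf8").digest();
  // Compare fixed-length digests in constant time; skip malformed hex.
  return candidates.some((hex) => /^[0-9a-f]{64}$/i.test(hex) &&
    timingSafeEqual(Buffer.from(hex, "hex"), expected));
}

// Hypothetical handler core: verify first, then ignore repeated event ids.
// `seen` stands in for a durable store with a unique key on the event id.
function handleWebhook(rawBody, header, secret, seen, nowSeconds) {
  if (!verifyStripeSignature(rawBody, header, secret, nowSeconds)) {
    return { status: 400, result: "invalid_signature" };
  }
  const event = JSON.parse(rawBody); // parse only after verification
  if (seen.has(event.id)) return { status: 200, result: "duplicate_ignored" };
  seen.add(event.id);
  return { status: 200, result: `processed:${event.type}` };
}

// Constructed sample data (not real Stripe values).
const SAMPLE_SECRET = "whsec_constructed_example";
const SAMPLE_NOW = 1700000000;
const SAMPLE_BODY = JSON.stringify({ id: "evt_constructed_1", type: "invoice.payment_failed" });
const SAMPLE_HEADER = `t=${SAMPLE_NOW},v1=` + createHmac("sha256", SAMPLE_SECRET)
  .update(`${SAMPLE_NOW}.${SAMPLE_BODY}`, "utf8").digest("hex");
```

The HMAC covers the raw request body, so the handler must read the body as received, before any JSON parsing or re-serialization, or valid events will fail verification.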
Configuration
Set the webhook URL in your Stripe dashboard:
`https://your-domain.com/api/billing/webhook`
Required Stripe events to subscribe to:
- `checkout.session.completed`
- `customer.subscription.updated`
- `customer.subscription.deleted`
- `invoice.payment_succeeded`
- `invoice.payment_failed`