Stripe Webhooks Behind a Firewall
Receive Stripe webhook events in a private network without inbound ports, VPN, or reverse proxy.
How It Works
Stripe sends events to Zen Mesh over the public internet. Zen Mesh delivers them through an outbound-only Edge Plane connection to your private infrastructure. Your network never needs inbound firewall rules.
Each delivery is tracked through the Flow → Attempt → Trace → Evidence chain. Every attempt carries a trace identifier and produces a cryptographic receipt. See How Zen Works for the full mental model.
Prerequisites
- A Zen Mesh account with Edge Plane access
- A private network where your Stripe handler runs (Kubernetes or Edge Lite)
- A Stripe account with webhook configuration access
Setup
- Choose a runtime path — Kubernetes Edge Plane or Edge Lite
- Deploy the runtime:
- Kubernetes Edge Plane — Helm-based
- Edge Lite — Docker-based
- Configure a target (Targets API) pointing to your internal Stripe handler
- Create a flow linking Stripe to your target
- Set up Stripe in the Stripe Dashboard to send events to Zen Mesh
Full Guide
See Stripe Integration for the complete step-by-step walkthrough, including event types, signature verification, and JSONPath transforms.
Related
- How Zen Works — mental model
- Edge Plane — outbound-only delivery model
- Kubernetes Edge Plane — deploy on Kubernetes
- Security: mTLS and SPIFFE/SPIRE