Skip to main content

Stripe Webhooks Behind a Firewall

Receive Stripe webhook events in a private network without inbound ports, VPN, or reverse proxy.

How It Works

Stripe sends events to Zen Mesh over the public internet. Zen Mesh delivers them through an outbound-only Edge Plane connection to your private infrastructure. Your network never needs inbound firewall rules.

Each delivery is tracked through the Flow → Attempt → Trace → Evidence chain. Every attempt carries a trace identifier and produces a cryptographic receipt. See How Zen Works for the full mental model.

Prerequisites

  • A Zen Mesh account with Edge Plane access
  • A private network where your Stripe handler runs (Kubernetes or Edge Lite)
  • A Stripe account with webhook configuration access

Setup

  1. Choose a runtime path — Kubernetes Edge Plane or Edge Lite
  2. Deploy the runtime:
  3. Configure a target (Targets API) pointing to your internal Stripe handler
  4. Create a flow linking Stripe to your target
  5. Set up Stripe in the Stripe Dashboard to send events to Zen Mesh

Full Guide

See Stripe Integration for the complete step-by-step walkthrough, including event types, signature verification, and JSONPath transforms.