Skip to main content
Receive HTTP callbacks from external services (Stripe, GitHub, Twilio, etc.) by creating routes matching /api/webhook/* and turning on Webhook Access in your app’s settings. When enabled, only /api/webhook/* routes are publicly accessible — all other routes remain protected.

Setup

Create an API route in your app under the /api/webhook/ path: 
// src/app/api/webhook/stripe/route.ts
export async function POST(request: Request) {
  const body = await request.json();
  // Handle the webhook payload
  return new Response("OK", { status: 200 });
}

Security

Best practice is to verify webhook signatures to ensure requests come from the expected source. Most services (Stripe, GitHub, etc.) include a signature header that you can validate against a shared secret.