GoodCloud / django-zebra

Forms, widgets, template tags and examples that make Stripe + Django easier.
MIT License

Validate webhooks are actually from Stripe #20

Closed thenewguy closed 11 years ago

thenewguy commented 11 years ago

Since the events have to do with billing, what is the best way to validate the webhook?

https://github.com/GoodCloud/django-zebra/blob/master/zebra/views.py#L59

Would it make sense to pull the id from the event object and re-request it from Stripe so it is guaranteed to be official? Then pass the event object we pulled from Stripe to the signal listeners.

skoczen commented 11 years ago

If you're using the built-in models or mixins, we pull the record from Stripe when we access the API, so you're covered.

https://github.com/GoodCloud/django-zebra/blob/master/zebra/mixins.py

If you're not, it's the signal receiver's responsibility to validate what they've been passed. Making an extra API call by default at webhook time probably isn't the right call.
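
The re-fetch approach discussed in this thread, sketched as an added example (not part of the thread and not django-zebra's code): a receiver keeps only the event id from the POST body and works from Stripe's own copy. It assumes the stripe Python library's `stripe.Event.retrieve`; the function names, the id pattern and the sample data are hypothetical, and the `seen_ids` replay check goes beyond what the thread covers.

```python
import json
import re

# Stripe event ids start with "evt_"; the exact character set is an assumption.
EVENT_ID_RE = re.compile(r"evt_[A-Za-z0-9_]+")

class UntrustedWebhook(Exception):
    """Raised when a posted webhook body cannot be confirmed with Stripe."""

def default_retrieve(event_id):
    import stripe  # needs stripe.api_key to be configured
    return stripe.Event.retrieve(event_id)

def fetch_verified_event(raw_body, retrieve=default_retrieve, seen_ids=None):
    """Return Stripe's own copy of the event named in raw_body, or raise."""
    try:
        posted = json.loads(raw_body)
    except (TypeError, ValueError):
        raise UntrustedWebhook("body is not JSON")
    event_id = posted.get("id") if isinstance(posted, dict) else None
    if not isinstance(event_id, str) or not EVENT_ID_RE.fullmatch(event_id):
        raise UntrustedWebhook("missing or malformed event id")
    # A genuine id can be re-posted by anyone who has seen it, so track it.
    if seen_ids is not None and event_id in seen_ids:
        raise UntrustedWebhook("event already processed")
    try:
        official = retrieve(event_id)
    except Exception as exc:  # unknown id, auth failure, network error
        raise UntrustedWebhook("Stripe lookup failed") from exc
    if official.get("id") != event_id:  # retrieved event is dict-like
        raise UntrustedWebhook("Stripe returned a different event")
    if seen_ids is not None:
        seen_ids.add(event_id)
    # Everything in the POST body except the id has been discarded.
    return official

# Constructed sample data: what Stripe holds vs. a forged POST reusing the id.
STRIPE_SIDE = {"evt_test123": {"id": "evt_test123", "type": "charge.failed"}}
FORGED_BODY = '{"id": "evt_test123", "type": "charge.succeeded"}'

def fake_retrieve(event_id):
    return STRIPE_SIDE[event_id]  # KeyError stands in for "no such event"
```

Signal listeners would then be handed the return value of `fetch_verified_event`, never the parsed request body.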