Receiving a Paddle WebHook in Spring Boot

02.03.2018 by Jens in Spring Boot | Spring MVC | Newsletter

In this short tutorial, we’ll cover how to receive a webhook from Paddle in Spring Boot properly.

Paddle is my payment processor of choice and is a great fit for selling software (incl. trials), one-off downloads like ebooks or Subscriptions. We either specify a global webhook, which will receive many different event types, or we can define one at an individual purchase of a product. We’ll use the latter one.

Paddle signs each webhook call with a private key assigned to your account, so we know nobody tampered with it. Luckily, karlvr already did implement a Java version to verify the request.

Add it to the pom:

<dependency>
    <groupId>com.xk72</groupId>
    <artifactId>paddle-webhook-verifier</artifactId>
    <version>1.0</version>
</dependency>

Now, we implement a simple Spring MVC Controller like:

@Controller
public class JobController {

    @Value("${my.paddle.key}")
    private String paddleKey;

    @PostMapping("/payment-success")
    public ResponseEntity<String> paymentSuccess(HttpServletRequest request) throws Exception{
        PaddleWebhookVerifier verifier = new PaddleWebhookVerifier(paddleKey);
        if (!verifier.verify(request.getParameterMap())) {
            return new ResponseEntity<String>(HttpStatus.FORBIDDEN);
        }

        // do whatever you want to do with the valid paddle request

        return new ResponseEntity<String>(HttpStatus.OK);
    }
}

my.paddle.key is set in application.properties and is your public key form paddle - see vendor account settings.

In the webhook settings of your product, point to our endpoint /payment-success in Spring and select a POST request. Voila, you are ready to go.