Stripe GraphQL API

This package creates a Stripe GraphQL API, allowing for interaction with data at Stripe.

Here's an example of how to use the Stripe GraphQL API to get a list of invoices for a specific Stripe customer:

Request
Response

query {
  stripe {
    customer(id: "cus_xxx") {
      id
      name
      invoices {
        data {
          id
          created
          paid
          hostedInvoiceUrl
        }
      }
    }
  }
}

{
  "data": {
    "stripe": {
      "customer": {
        "id": "cus_xxx",
        "name": "joe@example.com",
        "invoices": {
          "data": [
            {
              "id": "in_1MUmwnCCF9wuB4xxxxxxxx",
              "created": 1674806769,
              "paid": true,
              "hostedInvoiceUrl": "https://invoice.stripe.com/i/acct_xxxxxxx/test_YWNjdF8xS25xV1lDQ0Y5d3VCNGZYLF9ORkhWxxxxxxxxxxxx?s=ap"
            }
          ]
        }
      }
    }
  }
}

It's recommended to add the Stripe GraphQL API as a Remote Schema in Hasura and connect data from your database with data in Stripe. By doing so, it's possible to request data from your database and Stripe in a single GraphQL query.

Here's an example of how to use the Stripe GraphQL API to get a list of invoices for a specific Stripe customer. Note that the user data is fetched from your database and the Stripe customer data is fetched from Stripe:

query {
  users {
    # User in your database
    id
    displayName
    userData {
      stripeCustomerId # Customer's Stripe Customer Id
      stripeCustomer {
        # Data from Stripe
        id
        name
        paymentMethods {
          id
          card {
            brand
            last4
          }
        }
      }
    }
  }
}

Get Started

Install the package:

npm
Yarn
pnpm

npm install @nhost/stripe-graphql-js

yarn install @nhost/stripe-graphql-js

pnpm add @nhost/stripe-graphql-js

Serverless Function

Create a new Serverless Function: functions/graphql/stripe.ts:

import { createStripeGraphQLServer } from '@nhost/stripe-graphql-js'

const server = createStripeGraphQLServer()

export default server

You can run the Stripe GraphQL API in any Node.js environment because it's built using GraphQL Yoga.

Stripe Secret Key

Add STRIPE_SECRET_KEY as an environment variable.

If you're using Nhost, add STRIPE_SECRET_KEY to nhost.toml like this:

[[ global.environment ]]
name=STRIPE_SECRET_KEY
value='{{ secrets.STRIPE_SECRET_KEY }}'

And then add to your .secrets file:

STRIPE_SECRET_KEY=sk_test_***

In production set your secret with your stripe production key (sk_live_***) in the Nhost dashboard.

Learn more about Stripe API keys.

Start Nhost

nhost up

Learn more about the Nhost CLI.

Test

Test the Stripe GraphQL API in the browser:

https://local.functions.nhost.run/v1/graphql/stripe

Remote Schema

Add the Stripe GraphQL API as a Remote Schema in Hasura.

URL

{{NHOST_FUNCTIONS_URL}}/graphql/stripe

Headers

x-nhost-webhook-secret: NHOST_WEBHOOK_SECRET (From env var)

The NHOST_WEBHOOK_SECRET is used to verify that the request is coming from Nhost. The environment variable is a system environment variable and is always available.

Hasura Remote Schema

Permissions

Here's a minimal example without any custom permissions. Only requests using the x-hasura-admin-secret header will work:

const server = createStripeGraphQLServer()

For more granular permissions, you can pass an isAllowed function to the createStripeGraphQLServer. The isAllowed function takes a stripeCustomerId and context as parameters and runs every time the GraphQL server makes a request to Stripe to get or modify data for a specific Stripe customer.

Here is an example of an isAllowed function:

import { createStripeGraphQLServer } from '@nhost/stripe-graphql-js'

const isAllowed = (stripeCustomerId: string, context: Context) => {
  const { isAdmin, userClaims } = context

  // allow all requests if they have a valid `x-hasura-admin-secret`
  if (isAdmin) {
    return true
  }

  // get user id
  const userId = userClaims['x-hasura-user-id']

  // check if the user is signed in
  if (!userId) {
    return false
  }

  // get more user information from the database
  const { user } = await gqlSDK.getUser({
    id: userId
  })

  if (!user) {
    return false
  }

  // check if the user is part of a workspace with the `stripeCustomerId`
  return user.workspaceMembers.some((workspaceMember) => {
    return workspaceMember.workspace.stripeCustomerId === stripeCustomerId
  })
}

const server = createStripeGraphQLServer({ isAllowed })

export default server

Context

The context object contains:

userClaims - verified JWT claims from the user's access token.
isAdmin - true if the request was made using a valid x-hasura-admin-secret header.
request - Fetch API Request object that represents the incoming HTTP request in platform-independent way. It can be useful for accessing headers to authenticate a user
query - the DocumentNode that was parsed from the GraphQL query string
operationName - the operation name selected from the incoming query
variables - the variables that were defined in the query
extensions - the extensions that were received from the client

Read more about the default context from GraphQL Yoga.

Source Code

The source code is available on GitHub.

Get Started​

Serverless Function​

Stripe Secret Key​

Start Nhost​

Test​

Remote Schema​

Permissions​

Context​

Source Code​