Skip to main content

Stripe GraphQL API

This package creates a Stripe GraphQL API, allowing for interaction with data at Stripe.

Here's an example of how to use the Stripe GraphQL API to get a list of invoices for a specific Stripe customer:

query {
stripe {
customer(id: "cus_xxx") {
invoices {
data {

It's recommended to add the Stripe GraphQL API as a Remote Schema in Hasura and connect data from your database with data in Stripe. By doing so, it's possible to request data from your database and Stripe in a single GraphQL query.

Here's an example of how to use the Stripe GraphQL API to get a list of invoices for a specific Stripe customer. Note that the user data is fetched from your database and the Stripe customer data is fetched from Stripe:

query {
users {
# User in your database
userData {
stripeCustomerId # Customer's Stripe Customer Id
stripeCustomer {
# Data from Stripe
paymentMethods {
card {

Get Started

Install the package:

npm install @nhost/stripe-graphql-js

Serverless Function

Create a new Serverless Function: functions/graphql/stripe.ts:

import { createStripeGraphQLServer } from '@nhost/stripe-graphql-js'

const server = createStripeGraphQLServer()

export default server

You can run the Stripe GraphQL API in any Node.js environment because it's built using GraphQL Yoga.

Stripe Secret Key

Add STRIPE_SECRET_KEY as an environment variable.

If you're using Nhost, add STRIPE_SECRET_KEY to nhost.toml like this:

[[ global.environment ]]
value='{{ secrets.STRIPE_SECRET_KEY }}'

And then add to your .secrets file:


In production set your secret with your stripe production key (sk_live_***) in the Nhost dashboard.

Learn more about Stripe API keys.

Start Nhost

nhost up

Learn more about the Nhost CLI.


Test the Stripe GraphQL API in the browser:

Remote Schema

Add the Stripe GraphQL API as a Remote Schema in Hasura.




x-nhost-webhook-secret: NHOST_WEBHOOK_SECRET (From env var)

The NHOST_WEBHOOK_SECRET is used to verify that the request is coming from Nhost. The environment variable is a system environment variable and is always available.

Hasura Remote Schema


Here's a minimal example without any custom permissions. Only requests using the x-hasura-admin-secret header will work:

const server = createStripeGraphQLServer()

For more granular permissions, you can pass an isAllowed function to the createStripeGraphQLServer. The isAllowed function takes a stripeCustomerId and context as parameters and runs every time the GraphQL server makes a request to Stripe to get or modify data for a specific Stripe customer.

Here is an example of an isAllowed function:

import { createStripeGraphQLServer } from '@nhost/stripe-graphql-js'

const isAllowed = (stripeCustomerId: string, context: Context) => {
const { isAdmin, userClaims } = context

// allow all requests if they have a valid `x-hasura-admin-secret`
if (isAdmin) {
return true

// get user id
const userId = userClaims['x-hasura-user-id']

// check if the user is signed in
if (!userId) {
return false

// get more user information from the database
const { user } = await gqlSDK.getUser({
id: userId

if (!user) {
return false

// check if the user is part of a workspace with the `stripeCustomerId`
return user.workspaceMembers.some((workspaceMember) => {
return workspaceMember.workspace.stripeCustomerId === stripeCustomerId

const server = createStripeGraphQLServer({ isAllowed })

export default server


The context object contains:

  • userClaims - verified JWT claims from the user's access token.
  • isAdmin - true if the request was made using a valid x-hasura-admin-secret header.
  • request - Fetch API Request object that represents the incoming HTTP request in platform-independent way. It can be useful for accessing headers to authenticate a user
  • query - the DocumentNode that was parsed from the GraphQL query string
  • operationName - the operation name selected from the incoming query
  • variables - the variables that were defined in the query
  • extensions - the extensions that were received from the client

Read more about the default context from GraphQL Yoga.

Source Code

The source code is available on GitHub.