
Stripe: Is it safe using stripe customer id to identify customer webhooks?


I know I can set client_reference_id to checkout session but I need to identify my system user based on stripe data in following webhook events:

charge.succeeded, customer.subscription.deleted and charge.failed

But those events don't store any client_reference_id, it seems I can simply use stripe customer id to link my system user to stripe regardless which webhook event I'm in...

Then I would also ignore client_reference_id management even on checkout webhooks in order to avoid complexity, the problem is: Can a customer get its id deleted (by customer or stripe not developers) or changed on stripe lifecycle?

That's on any permutation of sequence below:

(first_subscription > posterior payments > cancel subscription > resubscribe)


Solution

  • The customer.id is not changed throughout the lifecycle of a subscription, even if the subscription is canceled. Keep in mind that Customers are tightly coupled with Subscriptions; as a result, deleting a customer will result in the cancellation of their subscriptions.

    The reason why charge.succeeded, customer.subscription.deleted and charge.failed do not have the client_reference_id is because the attribute is specific to Stripe Checkout and not Charges and Subscriptions.

    As an alternative to relying on the customer.id you may want to consider making use of the metadata attribute to store related customer information. More specifically, take a look at the “Set metadata indirectly” section in the documentation linked below.

    Another approach to obtaining the client_reference_id is to list all Checkout Sessions, iterate through the Checkout objects and look for the client_reference_id. See the API reference guide linked below.

    Relevant links:
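
The mapping discussed above, as an added example that is not part of the original question or answer: the customer id is linked to an internal user once, at checkout, and later `charge.*` and `customer.subscription.deleted` events are resolved through it, but only after the delivery's `Stripe-Signature` header has been verified. The store `USERS_BY_CUSTOMER`, the function names and the sample ids are assumptions; only the standard library is used.

```python
import hashlib
import hmac
import json
import time

# Hypothetical store: Stripe customer id -> internal user id (a DB table in practice).
USERS_BY_CUSTOMER = {}


def signature_for(payload: bytes, secret: str, ts: str) -> str:
    """HMAC-SHA256 over "<timestamp>.<raw body>", the v1 scheme of Stripe-Signature."""
    return hmac.new(secret.encode(), ts.encode() + b"." + payload, hashlib.sha256).hexdigest()


def verify(payload: bytes, header: str, secret: str, now=None, tolerance=300) -> bool:
    """Accept only a fresh timestamp and a matching v1 signature."""
    pairs = [p.strip().split("=", 1) for p in header.split(",") if "=" in p]
    ts = next((v for k, v in pairs if k == "t"), "")
    if not (ts.isascii() and ts.isdigit()):
        return False
    now = time.time() if now is None else now
    if abs(now - int(ts)) > tolerance:
        return False
    expected = signature_for(payload, secret, ts).encode()
    # Constant-time comparison; compare_digest rejects non-ASCII str, so compare bytes.
    return any(hmac.compare_digest(expected, v.encode()) for k, v in pairs if k == "v1")


def handle(payload: bytes, header: str, secret: str, now=None):
    """Return (status, internal_user_id) for one webhook delivery."""
    if not verify(payload, header, secret, now):
        return ("rejected", None)
    event = json.loads(payload)
    obj = event["data"]["object"]
    cust = obj.get("customer")
    cid = cust.get("id") if isinstance(cust, dict) else cust  # expanded object or plain id
    ref = obj.get("client_reference_id")
    if event["type"] == "checkout.session.completed" and cid and ref:
        # First link wins: a later session cannot re-bind the customer to another user.
        USERS_BY_CUSTOMER.setdefault(cid, ref)
    user = USERS_BY_CUSTOMER.get(cid)
    return ("ok", user) if user else ("unknown_customer", None)
```

The signature must be computed over the raw request body exactly as received, before any JSON parsing or re-serialization.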