#singleportrait

Hi there

If you click on the Webhook endpoint there should be "view logs" button at the top

You can use that to look at the creation request

Ok, I saw those but wasn't sure if that was the correct place to verify. Thank you!

👍

Can you give clarification on what this means for "Source"?

Source
Needle/3.1.0 (Node.js v14.21.3; linux x64)

That indicates it was an API request that came from your server

Looks like you are potentially using a plugin?

Essentially that tells you that the Webhook endpoint was created via the API

(As opposed to someone creating it in the Dashboard)

That was my guess. Would a 'plugin' be a connected app? I don't see any list of connected Apps in that tab

No a plugin would be a third party that you have provided your API key to so they can make requests for you and handle your integration.

Ok, thanks for that. We're reaching out to a few partners who may have made these; we're mostly concerned we may have a security issue

Gotcha, that seems like the correct next step. You may want to check the IP Address too and see if it is unique or the same as other API requests on your account

That could be telling on whether your key was leaked or not.

This one, yes?

Correct

Where can we look up API requests by IP address?

You can't

You would need to manually check via looking at your requests at https://dashboard.stripe.com/logs

But you can't export this data

Ok, got it

Thank you