stripe
diff --git a/‎CODEGEN_VERSION‎
Lines changed: 1 addition & 1 deletion b/‎CODEGEN_VERSION‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎README.md‎
Lines changed: 8 additions & 6 deletions b/‎README.md‎
Lines changed: 8 additions & 6 deletions
diff --git a/‎src/RequestSender.ts‎
Lines changed: 19 additions & 2 deletions b/‎src/RequestSender.ts‎
Lines changed: 19 additions & 2 deletions
diff --git a/‎src/Types.ts‎
Lines changed: 3 additions & 0 deletions b/‎src/Types.ts‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎src/Webhooks.ts‎
Lines changed: 61 additions & 18 deletions b/‎src/Webhooks.ts‎
Lines changed: 61 additions & 18 deletions
diff --git a/‎src/lib.ts‎
Lines changed: 9 additions & 2 deletions b/‎src/lib.ts‎
Lines changed: 9 additions & 2 deletions
diff --git a/‎src/net/FetchHttpClient.ts‎
Lines changed: 10 additions & 1 deletion b/‎src/net/FetchHttpClient.ts‎
Lines changed: 10 additions & 1 deletion
diff --git a/‎src/net/NodeHttpClient.ts‎
Lines changed: 3 additions & 0 deletions b/‎src/net/NodeHttpClient.ts‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎src/resources/V2/Billing/LicenseFees.ts‎
Lines changed: 18 additions & 0 deletions b/‎src/resources/V2/Billing/LicenseFees.ts‎
Lines changed: 18 additions & 0 deletions
@@ -1 +1 @@
-4cd98860940da75ae8dfe7384cea405859800e9c
+a527d1f955ea1eab1b7ccdb63001a69d1786fc37
@@ -364,6 +364,7 @@ stripe.off('request', onRequest);
   idempotency_key: 'abc123',         // Only present if provided
   method: 'POST',
   path: '/v1/customers',
+  body: {name: 'test'},              // Only present if emitEventBodies is true
   request_start_time: 1565125303932  // Unix timestamp in milliseconds
 }
 ```
@@ -373,15 +374,16 @@ stripe.off('request', onRequest);
 ```js
 {
   api_version: 'latest',
-  account: 'acct_TEST',              // Only present if provided
-  idempotency_key: 'abc123',         // Only present if provided
+  account: 'acct_TEST',                       // Only present if provided
+  idempotency_key: 'abc123',                  // Only present if provided
   method: 'POST',
   path: '/v1/customers',
-  status: 402,
+  status: 200,
   request_id: 'req_Ghc9r26ts73DRf',
-  elapsed: 445,                      // Elapsed time in milliseconds
-  request_start_time: 1565125303932, // Unix timestamp in milliseconds
-  request_end_time: 1565125304377    // Unix timestamp in milliseconds
+  body: {id: 'cus_123', object: 'customer'},  // Only present if emitEventBodies is true
+  elapsed: 445,                               // Elapsed time in milliseconds
+  request_start_time: 1565125303932,          // Unix timestamp in milliseconds
+  request_end_time: 1565125304377             // Unix timestamp in milliseconds
 }
 ```
 
 
@@ -161,12 +161,15 @@ export class RequestSender {
         statusCode,
         headers
       );
-      this._stripe._emitter.emit('response', responseEvent);
 
       res
         .toJSON()
         .then(
           (jsonResponse) => {
+            if (this._stripe.getEmitEventBodiesEnabled()) {
+              responseEvent.body = jsonResponse;
+            }
+
             if (jsonResponse.error) {
               const isOAuth = typeof jsonResponse.error === 'string';
 
@@ -197,6 +200,12 @@ export class RequestSender {
             return jsonResponse;
           },
           (e: Error) => {
+            if (
+              this._stripe.getEmitEventBodiesEnabled() &&
+              (e as any).rawBody
+            ) {
+              responseEvent.body = (e as any).rawBody;
+            }
             throw new StripeAPIError({
               message: 'Invalid JSON received from the Stripe API',
               exception: e,
@@ -206,6 +215,8 @@ export class RequestSender {
         )
         .then(
           (jsonResponse) => {
+            this._stripe._emitter.emit('response', responseEvent);
+
             this._recordRequestMetrics(requestId, responseEvent.elapsed, usage);
 
             // Expose raw response object.
@@ -219,7 +230,10 @@ export class RequestSender {
 
             callback(null, jsonResponse);
           },
-          (e) => callback(e, null)
+          (e) => {
+            this._stripe._emitter.emit('response', responseEvent);
+            callback(e, null);
+          }
         );
     };
   }
@@ -631,6 +645,9 @@ export class RequestSender {
             ),
             method,
             path,
+            body: this._stripe.getEmitEventBodiesEnabled()
+              ? data ?? undefined
+              : undefined,
             request_start_time: requestStartTime,
           });
 
 
@@ -102,6 +102,7 @@ export type RequestEvent = {
   idempotency_key?: string;
   method?: string;
   path?: string;
+  body?: RequestData;
   request_start_time: number;
   usage?: Array<string>;
 };
@@ -139,6 +140,7 @@ export type ResponseEvent = {
   path?: string;
   status?: number;
   request_id?: string;
+  body?: Record<string, any> | string;
   elapsed: number;
   request_start_time?: number;
   request_end_time?: number;
@@ -221,5 +223,6 @@ export type UserProvidedConfig = {
   stripeContext?: string | StripeContext;
   typescript?: boolean;
   telemetry?: boolean;
+  emitEventBodies?: boolean;
   appInfo?: AppInfo;
 };
@@ -28,12 +28,12 @@ type WebhookParsedEvent = {
   suspectPayloadType: boolean;
 };
 type WebhookTestHeaderOptions = {
-  timestamp: number;
+  timestamp?: number;
   payload: string;
   secret: string;
-  scheme: string;
-  signature: string;
-  cryptoProvider: CryptoProvider;
+  scheme?: string;
+  signature?: string;
+  cryptoProvider?: CryptoProvider;
 };
 
 // export type WebhookEvent = Record<string, unknown>;
@@ -43,16 +43,16 @@ type WebhookSignatureObject = {
     encodedPayload: WebhookPayload,
     encodedHeader: WebhookHeader,
     secret: string,
-    tolerance: number,
-    cryptoProvider: CryptoProvider,
+    tolerance?: number,
+    cryptoProvider?: CryptoProvider,
     receivedAt?: number
   ) => boolean;
   verifyHeaderAsync: (
     encodedPayload: WebhookPayload,
     encodedHeader: WebhookHeader,
     secret: string,
-    tolerance: number,
-    cryptoProvider: CryptoProvider,
+    tolerance?: number,
+    cryptoProvider?: CryptoProvider,
     receivedAt?: number
   ) => Promise<boolean>;
 };
@@ -159,7 +159,7 @@ export function createWebhooks(
           : JSON.parse(payload);
       if (jsonPayload && jsonPayload.object === 'v2.core.event') {
         throw new Error(
-          'You passed an event notification to stripe.webhooks.constructEvent, which expects a webhook payload. Use stripe.parseEventNotification instead.'
+          'You passed an event notification to stripe.webhooks.constructEvent, which expects a webhook payload. Use stripe.parseEventNotificationAsync instead.'
         );
       }
       return jsonPayload;
@@ -211,8 +211,8 @@ export function createWebhooks(
       encodedPayload: WebhookPayload,
       encodedHeader: WebhookHeader,
       secret: string,
-      tolerance: number,
-      cryptoProvider: CryptoProvider,
+      tolerance?: number,
+      cryptoProvider?: CryptoProvider,
       receivedAt?: number
     ): boolean {
       const {
@@ -233,12 +233,17 @@ export function createWebhooks(
         secret
       );
 
+      /**
+       * TODO(MAJOR): https://go/j/DEVSDK-3087
+       * Passing in 0 by default skips timestamp tolerance verifications. Although it is mostly used in test,
+       * we should change the default behavior to pass DEFAULT_TOLERANCE instead of 0 in the next major.
+       */
       validateComputedSignature(
         payload,
         header,
         details,
         expectedSignature,
-        tolerance,
+        tolerance || 0,
         suspectPayloadType,
         secretContainsWhitespace,
         receivedAt
@@ -251,8 +256,8 @@ export function createWebhooks(
       encodedPayload: WebhookPayload,
       encodedHeader: WebhookHeader,
       secret: string,
-      tolerance: number,
-      cryptoProvider: CryptoProvider,
+      tolerance?: number,
+      cryptoProvider?: CryptoProvider,
       receivedAt?: number
     ): Promise<boolean> {
       const {
@@ -274,12 +279,17 @@ export function createWebhooks(
         secret
       );
 
+      /**
+       * TODO(MAJOR): https://go/j/DEVSDK-3087
+       * Passing in 0 by default skips timestamp tolerance verifications. Although it is mostly used in test,
+       * we should change the default behavior to pass DEFAULT_TOLERANCE instead of 0 in the next major.
+       */
       return validateComputedSignature(
         payload,
         header,
         details,
         expectedSignature,
-        tolerance,
+        tolerance || 0,
         suspectPayloadType,
         secretContainsWhitespace,
         receivedAt
@@ -374,6 +384,31 @@ export function createWebhooks(
     };
   }
 
+  /**
+   * Validates that at least one signature in the parsed header matches the
+   * expected signature, and that the event timestamp is within the allowed
+   * {@link tolerance} window (in seconds). Set `tolerance` to `0` to skip
+   * timestamp verification.
+   *
+   * TODO(MAJOR): https://go/j/DEVSDK-3087 - Change this default behavior to use DEFAULT_TOLERANCE instead of 0.
+   * By default, validateComputedSignature doesn't perform timestamp verification.
+   *
+   * This method is mostly meant for tests or offline processing where the delivery time
+   * of the event isn't important.
+   * Integrations that process webhooks as they come in should use constructEvent method instead.
+   *
+   * @param payload The decoded webhook payload string.
+   * @param header  The decoded `stripe-signature` header value.
+   * @param details Parsed header containing timestamp and signatures.
+   * @param expectedSignature HMAC signature computed from the payload and secret.
+   * @param tolerance Maximum allowed age of the event in seconds. Use 0 to skip timestamp tolerance verification.
+   * @param suspectPayloadType Whether the payload was not a string or Buffer.
+   * @param secretContainsWhitespace Whether the signing secret contains whitespace.
+   * @param receivedAt - Timestamp for age calculation
+   * @returns `true` if the signature and timestamp are valid.
+   *
+   * @throws {StripeSignatureVerificationError} If verification fails.
+   */
   function validateComputedSignature(
     payload: string,
     header: string,
@@ -436,11 +471,12 @@ export function createWebhooks(
 
   function parseHeader(
     header: WebhookHeader,
-    scheme: string
+    scheme?: string
   ): WebhookParsedHeader | null {
     if (typeof header !== 'string') {
       return null;
     }
+    scheme = scheme || signature.EXPECTED_SCHEME;
 
     return header.split(',').reduce<WebhookParsedHeader>(
       (accum, item) => {
@@ -478,7 +514,13 @@ export function createWebhooks(
 
   function prepareOptions(
     opts: WebhookTestHeaderOptions
-  ): WebhookTestHeaderOptions & {
+  ): Omit<
+    WebhookTestHeaderOptions,
+    'timestamp' | 'scheme' | 'cryptoProvider'
+  > & {
+    timestamp: number;
+    scheme: string;
+    cryptoProvider: CryptoProvider;
     payloadString: string;
     generateHeaderString: (signature: string) => string;
   } {
@@ -489,7 +531,8 @@ export function createWebhooks(
     }
 
     const timestamp =
-      Math.floor(opts.timestamp) || Math.floor(Date.now() / 1000);
+      (opts.timestamp && Math.floor(opts.timestamp)) ||
+      Math.floor(Date.now() / 1000);
     const scheme = opts.scheme || signature.EXPECTED_SCHEME;
     const cryptoProvider = opts.cryptoProvider || getCryptoProvider();
     const payloadString = `${timestamp}.${opts.payload}`;
 
@@ -2,7 +2,7 @@ import {Agent} from 'http';
 
 import {RequestAuthenticator} from './Types.js';
 import {ApiVersion} from './apiVersion.js';
-import {HttpClient} from './net/HttpClient.js';
+import {HttpClientInterface} from './net/HttpClient.js';
 import {StripeContext} from './StripeContext.js';
 
 export declare class StripeResource {
@@ -59,7 +59,7 @@ export interface StripeConfig {
    * Useful for making requests in contexts other than NodeJS (eg. using
    * `fetch`).
    */
-  httpClient?: HttpClient;
+  httpClient?: HttpClientInterface;
 
   /**
    * Request timeout in milliseconds.
@@ -89,6 +89,13 @@ export interface StripeConfig {
    */
   telemetry?: boolean;
 
+  /**
+   * Pass `emitEventBodies: true` to include request and response bodies
+   * in the `request` and `response` events emitted by the Stripe client.
+   * Bodies may contain sensitive data. Defaults to false.
+   */
+  emitEventBodies?: boolean;
+
   /**
    * For plugin authors to identify their code.
    * @docs https://stripe.com/docs/building-plugins?lang=node#setappinfo
 
@@ -183,7 +183,16 @@ export class FetchHttpClientResponse extends HttpClientResponse
   }
 
   toJSON(): Promise<any> {
-    return this._res.json();
+    return this._res.text().then((text) => {
+      try {
+        return JSON.parse(text);
+      } catch (e) {
+        if (e instanceof Error) {
+          (e as any).rawBody = text;
+        }
+        throw e;
+      }
+    });
   }
 
   static _transformHeadersToObject(headers: Headers): ResponseHeaders {
 
@@ -137,6 +137,9 @@ export class NodeHttpClientResponse extends HttpClientResponse
         try {
           resolve(JSON.parse(response));
         } catch (e) {
+          if (e instanceof Error) {
+            (e as any).rawBody = response;
+          }
           reject(e);
         }
       });
 
@@ -218,6 +218,11 @@ export interface LicenseFee {
    */
   display_name: string;
 
+  /**
+   * The ID of the license fee's most recently created version.
+   */
+  latest_version: string;
+
   /**
    * A Licensed Item represents a billable item whose pricing is based on license fees. You can use license fees
    * to specify the pricing and create subscriptions to these items.
@@ -249,6 +254,17 @@ export interface LicenseFee {
    */
   service_cycle: V2.Billing.LicenseFee.ServiceCycle;
 
+  /**
+   * The interval for assessing service.
+   */
+  service_interval: V2.Billing.LicenseFee.ServiceInterval;
+
+  /**
+   * The length of the interval for assessing service. For example, set this to 3 and `service_interval` to `"month"` in
+   * order to specify quarterly service.
+   */
+  service_interval_count: number;
+
   /**
    * The Stripe Tax tax behavior - whether the license fee is inclusive or exclusive of tax.
    */
@@ -293,6 +309,8 @@ export namespace V2 {
         interval_count: number;
       }
 
+      export type ServiceInterval = 'day' | 'month' | 'week' | 'year';
+
       export type TaxBehavior = 'exclusive' | 'inclusive';
 
       export type TieringMode = 'graduated' | 'volume';
Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-4cd98860940da75ae8dfe7384cea405859800e9c`
	`1`	`+a527d1f955ea1eab1b7ccdb63001a69d1786fc37`