DEV Community

Pritom Mazumdar
Pritom Mazumdar

Posted on

Carbon Layer v0.4 — Chaos testing for payment webhooks, now with Stripe and Cashfree support

#opensource #python #stripe #webdev

A few days ago I shared Carbon Layer -> an open-source chaos engineering tool for payment flows. Here's what's new:

Multi-provider webhook support

Carbon Layer now generates provider-specific webhook payloads for Razorpay, Stripe, and Cashfree with the correct signing format for each:

  1. Razorpay
  2. Signature Header: X-Razorpay-Signature
  3. Signing Method: HMAC-SHA256

  4. Encoding: Hex encoded

  5. Stripe

  6. Signature Header: Stripe-Signature

  7. Header Format: t=timestamp, v1=signature

  8. Signing Method: HMAC-SHA256

  9. Extra Security: Includes timestamp verification to prevent replay attacks

  10. Cashfree

  11. Signature Header: x-webhook-signature

  12. Signing Method: HMAC-SHA256

  13. Encoding: Base64 encoded

Your webhook handler gets tested with the exact same format and signing it sees in production. We verified each implementation against the provider's official documentation.

# Stripe webhooks
carbon run dispute-spike --provider stripe --webhook-url http://localhost:8000/webhooks

# Cashfree webhooks
carbon run dispute-spike --provider cashfree --webhook-url http://localhost:8000/webhooks

# Razorpay webhooks (original)
carbon run dispute-spike --provider razorpay --webhook-url http://localhost:8000/webhooks
Enter fullscreen mode Exit fullscreen mode

Zero-config install

The other big change — PostgreSQL is no longer required. Carbon Layer now uses SQLite by default:

pip install carbon-layer
carbon run dispute-spike --provider mock --webhook-url http://localhost:8000/webhooks
Enter fullscreen mode Exit fullscreen mode

No database setup. No environment variables. Two commands and you're testing.

PostgreSQL is still supported for teams: pip install carbon-layer[postgres]

What Carbon Layer does

If you missed the first post — Carbon Layer simulates payment failure modes (dispute spikes, refund storms, gateway errors) and fires signed webhook events at your endpoint. It reports exactly what your handler returned for each event type.

7 scenarios built in. Provider specific signed payloads. HTML reports. CI/CD callbacks.

What's next

We're building a hosted version with dashboards, scheduled runs, and compliance reports for teams.

If that interests you, join the waitlist:carbon-pro-waitlist

GitHub: github.com/Pritom14/carbon-layer

Feedback welcome —> especially if you've tried it against your Stripe/Razorpay or Cashfree webhook handlers.

Top comments (0)