Quick update on Carbon Layer — the open-source chaos engineering tool for payment flows.
What's new in v0.5
Juspay support: Carbon Layer now generates Juspay-specific webhook payloads (ORDER_SUCCEEDED, ORDER_FAILED, ORDER_REFUNDED) authenticated with Basic Auth. That brings us to 4 providers:
- Razorpay
  - Signature Header: X-Razorpay-Signature
  - Signing Method: HMAC-SHA256
  - Encoding: Hex
- Stripe
  - Signature Header: Stripe-Signature
  - Header Format: t=..., v1=...
  - Signing Method: HMAC-SHA256
  - Extra: Includes timestamp for replay-attack protection
- Cashfree
  - Signature Header: x-webhook-signature
  - Signing Method: HMAC-SHA256
  - Encoding: Base64
- Juspay
  - Header: Authorization: Basic ...
  - Authentication Method: Basic Auth
  - Format: Base64 encoded username:password credentials
Each implementation is verified against the provider's official documentation.
```bash
# Juspay webhooks (new)
carbon run dispute-spike --provider juspay --juspay-key your_key --juspay-merchant-id your_mid --webhook-url http://localhost:8000/webhooks
# Stripe webhooks
carbon run dispute-spike --provider stripe --webhook-url http://localhost:8000/webhooks
# Cashfree webhooks
carbon run dispute-spike --provider cashfree --webhook-url http://localhost:8000/webhooks
# Razorpay webhooks
carbon run dispute-spike --provider razorpay --webhook-url http://localhost:8000/webhooks
```
Why Juspay is different
Juspay doesn't use HMAC signing for webhooks; it uses Basic Auth. Their webhook payload format is also unique: everything is wrapped under content.order rather than separate entity types. Disputes are dashboard-only (no API), and payments auto-capture (no manual capture step). The adapter handles all of these quirks.
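For the receiving side, here is how a handler could check each of the four schemes listed above. This is an added example, not Carbon Layer's code; it assumes lowercase header keys, the raw request bytes, and a 300-second Stripe tolerance chosen here. The Cashfree timestamp prefix (`x-webhook-timestamp`) is an assumption not stated in this post.

```python
import base64, hashlib, hmac, time

def _mac(secret: bytes, msg: bytes) -> bytes:
    return hmac.new(secret, msg, hashlib.sha256).digest()

def _eq(expected: bytes, sent: str) -> bool:
    # Constant-time comparison; never compare MACs or credentials with ==.
    return hmac.compare_digest(expected, sent.encode())

def verify_razorpay(headers: dict, body: bytes, secret: bytes) -> bool:
    # Hex HMAC-SHA256 over the raw (unparsed) request body.
    return _eq(_mac(secret, body).hex().encode(), headers.get("x-razorpay-signature", ""))

def verify_stripe(headers: dict, body: bytes, secret: bytes, now=None, tolerance=300) -> bool:
    # Header is "t=<unix ts>,v1=<hex mac>"; the MAC covers b"<t>." + body.
    raw = headers.get("stripe-signature", "")
    pairs = [p.strip().split("=", 1) for p in raw.split(",") if "=" in p]
    ts = next((v for k, v in pairs if k == "t"), "")
    if not (ts.isdecimal() and len(ts) <= 12):
        return False
    now = time.time() if now is None else now
    if abs(now - int(ts)) > tolerance:
        return False  # a valid MAC on an old timestamp is a replay
    expected = _mac(secret, ts.encode() + b"." + body).hex().encode()
    return any(_eq(expected, v) for k, v in pairs if k == "v1")

def verify_cashfree(headers: dict, body: bytes, secret: bytes) -> bool:
    # Assumption (not stated in the post): the MAC input is the value of the
    # x-webhook-timestamp header followed by the raw body. Output is Base64.
    ts = headers.get("x-webhook-timestamp", "")
    expected = base64.b64encode(_mac(secret, ts.encode() + body))
    return _eq(expected, headers.get("x-webhook-signature", ""))

def verify_juspay(headers: dict, username: str, password: str) -> bool:
    # Basic Auth only proves the sender knows the credentials; nothing binds
    # them to this body, so payload integrity rests on TLS alone.
    expected = b"Basic " + base64.b64encode(f"{username}:{password}".encode())
    return _eq(expected, headers.get("authorization", ""))

# Constructed sample: a Stripe-style header signed with a made-up secret.
def sample_stripe_headers(body: bytes, secret: bytes, ts: int) -> dict:
    mac = _mac(secret, str(ts).encode() + b"." + body).hex()
    return {"stripe-signature": f"t={ts},v1={mac}"}
```

Feed these the bytes exactly as received, before any JSON parsing, since re-serializing the payload changes the MAC input.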
Quick start
```bash
pip install carbon-layer
carbon run dispute-spike --provider mock --webhook-url http://localhost:8000/webhooks
```
No database setup, no gateway credentials. SQLite by default, PostgreSQL optional.
What Carbon Layer does
If you're new here: Carbon Layer simulates payment failure modes (dispute spikes, refund storms, gateway errors) and fires signed webhook events at your endpoint. It reports exactly what your handler returned for each event type.
7 scenarios built in. 4 providers. HTML reports. CI/CD callbacks.
What's next
We're building a hosted version with dashboards, scheduled runs, and compliance reports for teams.
Join the waitlist: pritom14.github.io/carbon-layer/waitlist
GitHub: github.com/Pritom14/carbon-layer
Feedback welcome, especially from teams using Juspay in production.