Is this enough to secure stripe webhook endpoint?

Question

I am trying to get notifications form stripe about the events occured. This is the webhook endpoint which I used. The URL must be publicly accessed. When consider security, is this enough or should I use any other approach?

    [HttpPost("WebHook/{id}")]
    public async Task<IActionResult> WebHook(int id)
    {
        var json = await new StreamReader(HttpContext.Request.Body).ReadToEndAsync();
        Event stripeEvent;
        try
        {
            //Get webhook secret 
            string webHookSecret = XXXX;

            //Construct stripe Event
            stripeEvent = EventUtility.ConstructEvent(
                json,
                Request.Headers["Stripe-Signature"], 
                webHookSecret
            );
        }
        catch (Exception ex)
        {
            LoggingUtil.LogError(ex, ex.Message);
            return BadRequest();
        }
  }

Answer 1

The webhook signature verification alone is not enough, if only because Stripe uses message authentication with a shared secret rather than asymmetric cryptography digital signatures. If you don't have the paranoid intention of building a bulletproof server, you can start with Stripe's security recommendations. Trivial IP address filtering can make your URL not so "publicly accessible".