Daraja.CallbackURL (daraja v0.1.0)

Copy Markdown View Source

Validates callback URLs before they are registered with Safaricom.

Safaricom's servers call these URLs on payment events. Rejecting unsafe values at the library boundary reduces server-side callback SSRF risk when URLs come from multi-tenant input or compromised credentials.

Configuration

config :daraja,
  environment: :production,
  validate_callback_urls: true,
  allowed_callback_hosts: ["myapp.com", "api.myapp.com"]
  • :validate_callback_urls — when false, validation is skipped in :sandbox only. Production always validates.
  • :allowed_callback_hosts — when set, the URL host must match an entry exactly or be a subdomain of one. Omit to allow any public hostname.

Rules

  • Production requires https://. Sandbox also allows http://.
  • Literal private, loopback, link-local, and metadata addresses are rejected.
  • Known metadata hostnames (for example metadata.google.internal) are rejected.

Summary

Functions

validate(url, opts \\ [])

@spec validate(
  String.t(),
  keyword()
) :: :ok | {:error, String.t()}

validate_all(params, fields, opts \\ [])

@spec validate_all(map(), [atom()], keyword()) ::
  :ok | {:error, [{atom(), String.t()}]}