#connect-webhook-payments

Hey! Can you clarify what's "weird"?

Like on our end we sent you the event and you replied with a 200

Yeah, it is really weird. That's what's weird. Direct webhooks get logged perfectly. Connect webhooks are not.

yeah I can't tell you much more here, this purely looks like something on your end right now

ok yes. it is always happening with Stripe. Ongoing issue making it hard to test Stripe webhooks but it does seem to be on our end. Usually it was do to endpoint being disabled. OK on our end methinks.

I don't get your answer this time

like this event was sent to 2 of your endpoints, both clearly responded with a 200 + {status: 200} as far as I can tell

Note also that Events sent to Connect webhook endpoints will also be sent to your Live Connect webhook endpoint so that Event was sent to 2 different endpoints

maybe that's the confusion you have?

https://stripe.com/docs/connect/webhooks

For Connect webhooks, it’s important to note that while only test webhooks will be sent to your development webhook URLs, both live and test webhooks will be sent to your production webhook URLs. This is due to the fact that you can perform both live and test transactions under a production application. For this reason, we recommend you check the livemode value when receiving an event webhook to know what action, if any, should be taken.

Yeah okay I think that's the confusion, both endpoints are in Live mode and you likely just ignore those Events and don't realize that's where they go

Yeah, OK, this does always confuse me.
So I have our main application which is in production but I use it to be the testing platform application.

We connect another standard Stripe account and I am testing locally. In that connected account we are able to make both live payment buttons and test payment buttons. I am using a test payment button.

So is my production application returning the 200?

I am trying to get the webhook sent to my ngrok URL so I can see the params and debug.

That account would need to be connected in Test mode in that case

OK, this has been an error for like 5 years or a point of confusion.

I mean there's no error

but yes it's confusing, I've explained this dozens of times :p

When we Oauth and go through the Oauth flow, are you saying to....

so I totally hear you

pass in the ca_test key when we are coding in development?

Mostly, when you're testing things, connect accounts in Test mode using your Development ca_123 during the OAuth flow yes

OK koopajah, here is the issue. I totally hear you but here it is.

We decided to be awesome and let our connected customers benefit from making test payment buttons and testing things before they make live payment buttons.

So when we pull in Stripe Prices, we pull in both the test and live prices (in production). We like to test things like making sure a dropdown menu listing both live and test prices is easy to read (everything is marked as live or test). So in order to do that, we need to use a LIVE key!

So for testing webhooks, sounds like I need to disconnect and reconnect with test keys only.

And for testing things like live prices appearing correctly we have re-oauth and connect with live keys so we can get both live and test. Is that correct?

I think that is the thing that always screws me up is that we cannot just connect once and be done with it. The issue is that even in development we need to test what happens with livemode stuff.

uri = 'https://connect.stripe.com/oauth/token'

that's a lot of words 😅

1/ You don't have to disconnect you can additionally connect in Test mode too.

2/ There's a legacy/obscure way to "force" a Test mode connection after a Live mode one which seems to be what you want here (I'll dig up how in a sec)

3/ When you are testing, yourself, you shouldn't need a Live mode connection. So you should be able to test this with OAuth in Test mode in a few seconds

:client_secret is our live or test key?

I don't know what that means

Sorry, during the Oauth flow where we submit to uri = 'https://connect.stripe.com/oauth/token'

still unclear what that could mean

OK, in the auth flow when we post to stripe api to get the permanent access token, in the body there is a key called "client_secret" and we pass in either our live or test key.

Is there a way to (A) receive webhooks but also (B) make live payment buttons....while we are testing in development but have a live application running in production?

https://stripe.com/docs/connect/oauth-reference#post-token-request

Make this call using your secret API key as a client_secret POST parameter:

yes i know

but the test or live one?

It depends what you are trying to do?

haha ok

Sorry let's take a step back because you're going way too fast and mixing most of it up

especially after years of doing it one way and not understanding

Let me write a longer summary all in one message please. Will take some time, please be patient

I think we are "forcing" it in our old app. We are connecting once with the live key and then again with the test key so we are connecting in both.

You want to connect accounts in Live mode but also offer Test mode access. This is something we made a lot easier early 2015 where Test mode access is given implicitly when you have a Live mode connection. What this means is that after OAuth in Live mode (with your Production ca_12345) you can then make API Requests on that connected account in Live mode with your Live Secret API key and in Test mode with your Test Secret API key.
This is something you have successfully done for years and almost every API we support works that way today (there are a few exceptions I won't get into since you've never encountered them).

Now one problem you have encountered that likely confused you for a long time is the behaviour of Events on connected accounts. For some reason, you could see the Events be generated and sent but you never had any trace of those. The reason is a quirk on our end due to how Connect was originally designed in 2012. Events are generated on an account and sent to that account's webhook endpoint(s) if any. If the account is connected to a platform, the Events are also sent to that platform's Connect webhook endpoint(s) if any. But there's a catch:

• If the account is connected in Test mode, the Test mode Events are sent to the platform's Test mode Connect webhook endpoints
• If the account is connected in Live mode, both the Test mode and Live mode Events are sent to the platform's Live mode Connect webhook endpoints

This is what is happening to you. Test mode Events happen due to Test mode API requests you make. But the Events are only sent to your Live mode Connect webhook endpoints because you only have a Live mode connection.

One quick and dirty solution is to force your user to connect a second time after OAuth in Live mode. You would just send them to OAuth again with your Test mode client id ca_123 to have both a Live and Test mode connection. While this works, it's not... great and user-friendly.

Now, there's an alternative approach. It's not well documented because you almost never need it except in this specific case. The idea is that after you finish the connection in Live mode via /oauth/token, you can do a second call to force the Test mode connection. You would use the same /oauth/token endpoint but instead of passing grant_type: 'authorization_code' you pass grant_type: 'refresh_token' and you also pass refresh_token: 'xxxxxxxxx'. The value for it is something you got back during the Live mode connection. It's one of the properties documented here: https://stripe.com/docs/connect/oauth-reference#post-token-response

OK, this is making sense.

One alternative I want to present. Can we just connect with the live key and then go into the connect account and just revoke the livemode access so we can test events and receive them in development?

would that work?

Not at all no. You'd just lose all access

ok. let me read your alternative approach. 🙂

Yes, wait we do that already. 🙂
post_to_stripe_api_to_get_test_only_access_token

Hold on. Can I send you a dm with two account ids?

sure

but I can tell you the one associated with the Event id you shared at the beginning is only connected in Live mode

the one you DM-ed me is exactly the same as the Event one

and so that one is only connected in Live mode

no still only Live mode, no Test mode connection @last garden

Even though when I toggle to testmode in the dashboard I see the connection?

as far as I can tell yes, it's not in Test mode right now

Koopajah, I am confused since we make the API call as you suggested with the refresh token.

Does the call work? Do you get back a valid response?

one sec. I will disconnect and try the flow agin

OK, access revoked

yup

response.code == 200 for that call

Then I have no idea. I'm looking but will likely have to send you to support

ok no worries. issue always made me crazy but I hear you and am more clear on what is happening so thank you.

For now and for the past 5 years, I just toggle the code between passing in the live key during Oauth and the test key but haven't been clear on when it was causing trouble. Now I am thank you!

👍

yeah okay I'm seeing the exact same behaviour, it's like the Test mode connection flow isn't working anymore.

I'd recommend emailing in, but I'll flag this too

aha!

😉

Okay I flagged internally. I wish we just forced a Test mode connection once and for all and that it just worked. One day.

Going to archive but if you work with our support team they can help narrow it down

OK, "error_description"=>"Passed in testmode API key but authorization code only supports returning live keys"}
I think it may be that we need to toggle both the ca_ and sk_ and I was just toggling the sk_. Let me try that.,....

I am going to try your alernative solution and test it with different ca_ and sk_ and cross fingers. I am always trying to debug something else when this comes up and have just been delaying figuring this out. 🙂

Last thing for koopajah. Yes, if I use the test ca_ key and the sk_test in development when I Oauth I can get webhooks. Yay! And I understand why that is happening better. I do need to swap out the ca_ test key for a ca_live key and the sk_test key for the sk_live key in development when testing things like dropdowns with both live and test Prices but that is what I have done for 5 years so OK. If there is a better solution that accomplishes both goals, I am would love to just write this code once and not have to toggle keys. 🙂

stepping in for koopajah here. maybe you could create separate connected accounts for live and test?