Devi | Stripe Developers | Page 1

edgy smeltBOT Sep 26, 2022, 1:36 AM

#

north slate Sep 26, 2022, 1:36 AM

#

hello! can you share the code which you're using to process the webhook? Remember to redact any secret keys

#

please don't share any secret keys!

forest laurel Sep 26, 2022, 1:38 AM

#

var json = await new StreamReader(HttpContext.Request.Body).ReadToEndAsync();
logger.Log(EntityMiddleware.Enums.LOGTYPE.ERROR, json, "WebHookController", "StripeWebhookCall");
const string endpointSecret = "whsec_";
//try
//{
var stripeEvent = EventUtility.ParseEvent(json);
logger.Log(EntityMiddleware.Enums.LOGTYPE.ERROR, stripeEvent.Type, "WebHookController", "StripeWebhookCall");
var signatureHeader = Request.Headers["Stripe-Signature"];

        logger.Log(EntityMiddleware.Enums.LOGTYPE.ERROR, Request., "WebHookController", "StripeWebhookCall");
        stripeEvent = EventUtility.ConstructEvent(json, signatureHeader, endpointSecret);

north slate Sep 26, 2022, 1:39 AM

#

@forest laurel like i mentioned, please redact any secret keys, that includes the endpointSecret

#

you'd probably want to roll that key since it's considered as compromised at this point (you've shared it on Discord which is a public channel)

forest laurel Sep 26, 2022, 1:43 AM

#

ok Alex, i redact the secret key in the above code snippet. Please verify

#

since this is test mode key.so i shared here

north slate Sep 26, 2022, 1:45 AM

#

how are you testing webhooks? Are you forwarding the webhooks to a local endpoint using the Stripe CLI?

forest laurel Sep 26, 2022, 1:50 AM

#

Yes, I added my Https webhook endpoint in my stripe account. And i created webhook controller api method to get webhook response

north slate Sep 26, 2022, 1:52 AM

#

Can you share your account id? It'll look like acct_123

forest laurel Sep 26, 2022, 1:54 AM

#

acct_1LdRMYAa7lu4vKn2

north slate Sep 26, 2022, 2:02 AM

#

i'd suggest that you try to run the sample here : https://stripe.com/docs/webhooks/quickstart?lang=dotnet with your endpoint secret to see if it works first

#

generally, there're a couple of reasons for receiving that error :

Wrong webhook secret.

Note : If you're using the Stripe CLI to forward events on to a local endpoint, you should make sure that you're using the CLI webhook secret instead. The CLI's webhook secret is different from the secret of the webhook endpoint(s) defined via the Dashboard/API.

The encoding on the string with the event data is not set to UTF-8. (Stripe treats everything as UTF-8 in our API, and so the string we would have signed ends up being different than the one the user sees. If this is the case, you'll need to enforce the encoding in your code.)
Something in your integration is modifying the raw request body. For the signatures to match, you need to calculate it on the exact same raw string as Stripe did. For this, you'll need to ensure that you get the raw body of the HTTP request that Stripe sends you, without any interference by your code or any other framework in the middle.

#Devi