#un!t

hello! when you try to create a restricted API key, you should select these permissions for the webhook

Thats just it? Because i am getting a 403, even with a key under STRIPE_WEBHOOK_SECRET env key

With webhook permission

this is the current api key

do you have the request id where you're getting a 403?

webhook id: we_1LrJkLLwDjSXOsgWyWUAmYaZ

eventg id: evt_1Ls1KFLwDjSXOsgWuE1TlU58

does this help? 😄

sorry, gimme a while, still looking into it

ok np

👋 taking over this thread. looking into it now

After having a look at evt_1Ls1KFLwDjSXOsgWuE1TlU58, 403 (forbidden) error is returned from your webhook endpoint to Stripe

Correct, can you show me what api key is getting returned?

I use one with the permission which alex said

but i am getting 403

but i dont get why i am getting 403

could you explain how you use this restricted key?

API key is only required during signature verification: https://stripe.com/docs/webhooks/quickstart

However, 403 (forbidden) error returned from you is likely before reaching to signature verification part.

API key doesn't play a role of returning 403 in this case

Oh okay, hmm i will take a look.

The HTTP 403 Forbidden response status code indicates that the server understands the request but refuses to authorize it [0]. I'd recommend checking why your server for webhook endpoint is not accepting Stripe events.

[0] https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/403

yes, but i dont get a "error" server side

POST stripe/webhook ..................................... cashier.webhook › Laravel\Cashier › WebhookController@handleWebhook

the webhook route is registered

server time is Thu Oct 13 09:45:33 CEST 2022

what "time" does the webhook send?

because i saw, that there can be a issue with not matching timezones?

this event was retried a few times. you can refer to the timestamp of each retry here: https://dashboard.stripe.com/test/events/evt_1Ls1KFLwDjSXOsgWuE1TlU58

or i once got a error, that it cant verify the request because of time validation error of the request

403 is forbidden, so it's not even reaching to the verification part

okay, i will try to find why its not reaching the laravel application

can we leave this open, so i can comeback?

No signatures found matching the expected signature for payload

does this ring any bells?

Ah yes! This means that the event signature mismatch

Does 403 relate to this error?

got it resolved

great to see that it got resolved!

if you see that error again: tell the customer to use this

not the api key

Yes! Webhook should use webhook secret instead of API key

Sorry that I didn't notice this earlier

no problem 🙂 "event signature mismatch" and a stack overflow post guided me in the right direction 😄

so thanks anyways 🙂

no problem! happy to see the issue got resolved!

nice support so far 😛 i cant recall by anymeans what that crypto dude says

maybe its his shady business? 😄

glad that you have nice experience with us 😄

only one thing thats bad 😄 someone from you said that paypal will come some day, and after half a year we get the info, that it will never come 😄

but apart from that, both customer support and the dev support here is good 🙂