#bweathers

Hi there

What is happening exactly?

Are you seeing an error?

1. so first on Heroku I had "stripe listen --forward-to=blooming-wildwood-53220.herokuapp.com/stripe/events" in my procfile.

But on railway it will not build with a similar line in the Procfile.

2. I have run the stripe cli in the railway cli which works until I try to listen there, I am running:

railway run stripe listen --forward-to getv210-production.up.railway.app/webhooks/

with that all of the webhooks come back as 301s

3. I am getting an error email from stripe says they:

The URL of the failing webhook endpoint is: https://getv210-production.up.railway.app/webhooks

The webhook is set up as:

https://getv210-production.up.railway.app/webhooks/

Thanks for your help!

I'm not super familiar with Rails. Let me pull in a colleague

One sec

Hello! Stripe CLI is only intended for local testing. If you have your code running on a server you should set up a Webhook Endpoint in the Dashboard or via the API and point it at your server's webhook URL. Is that what you've done for #3?

That URL is returning a 404 not found response when I try to send a POST request to it.

> POST /webhooks HTTP/2
> Host: getv210-production.up.railway.app
> user-agent: curl/7.84.0
> accept: */*
> 
* Connection state changed (MAX_CONCURRENT_STREAMS == 2147483647)!
< HTTP/2 404 
< content-type: text/html
< x-railway-fallback: true
< content-length: 1282
< date: Thu, 01 Dec 2022 23:33:05 GMT
< server: railway

So I have set the webhook end point in the dashboard.

I am not really sure how the discord chats work so I did not put the actual path in the chat. I can give you the actual path if its private

Ah, no, this is not private.

Anyone can hop in here and see this thread.

If you run curl <actual URL> -X POST -v do you get something other than a 404 response back?

POST / HTTP/1.1

Host: getv210-production.up.railway.app
User-Agent: curl/7.79.1
Accept: /

• Mark bundle as not supporting multiuse
  < HTTP/1.1 301 Moved Permanently
  < location: https://getv210-production.up.railway.app/
  < date: Thu, 01 Dec 2022 23:37:26 GMT
  < server: envoy
  < content-length: 0
  <
• Connection #0 to host getv210-production.up.railway.app left intact

Yeah, so that's a 301 redirect, which we consider a failure for the purposes of a Webhook Endpoint URL.

You need to set the actual, final URL.

So if you do curl <URL in the location header> -X POST -v what do you get back?

sorry to be dumb but where would I get the URL in the location header

It's in the response you got back from the previous command:

< location: https://getv210-production.up.railway.app/

I assume you redacted part of that though, correct?

Yes

Yep, so use the full URL there and see what you get back.

And not a dumb question at all! I'm here to help, and I'm happy to help you figure this out. 🙂

curl getv210-production.up.railway.app -X POST -v

• Trying 104.196.232.237:80...
• Connected to
  getv210-production.up.railway.app (104.196.232.237) port 80 (#0)

POST / HTTP/1.1
Host: solobudgetv210-production.up.railway.app
User-Agent: curl/7.79.1
Accept: /

Make sure you include the https:// in the beginning and the full path and try again.

Should be something like curl https://getv210-production.up.railway.app/full/path/here -X POST -v

curl https://getv210-production.up.railway.app -X POST -v

• Trying 104.196.232.237:443...
• Connected to getv210-production.up.railway.app (104.196.232.237) port 443 (#0)
• ALPN, offering h2
• ALPN, offering http/1.1
• successfully set certificate verify locations:
• CAfile: /etc/ssl/cert.pem
• CApath: none
• (304) (OUT), TLS handshake, Client hello (1):
• (304) (IN), TLS handshake, Server hello (2):
• (304) (IN), TLS handshake, Unknown (8):
• (304) (IN), TLS handshake, Certificate (11):
• (304) (IN), TLS handshake, CERT verify (15):
• (304) (IN), TLS handshake, Finished (20):
• (304) (OUT), TLS handshake, Finished (20):
• SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384
• ALPN, server accepted to use h2
• Server certificate:
• subject: CN=*.up.railway.app
• start date: Oct 28 18:00:05 2022 GMT
• expire date: Jan 26 18:00:04 2023 GMT
• subjectAltName: host "solobudgetv210-production.up.railway.app" matched cert's "*.up.railway.app"
• issuer: C=US; O=Let's Encrypt; CN=R3
• SSL certificate verify ok.
• Using HTTP2, server supports multiplexing
• Connection state changed (HTTP/2 confirmed)
• Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
• Using Stream ID: 1 (easy handle 0x7fd0b880c800)

POST / HTTP/2
Host: getv210-production.up.railway.app
user-agent: curl/7.79.1
accept: /

• Connection state changed (MAX_CONCURRENT_STREAMS == 2147483647)!
  < HTTP/2 404
  < content-type: text/html; charset=UTF-8
  < x-request-id: aec6dc35-5abe-4eae-becc-9f5a19993659
  < x-runtime: 0.001913
  < strict-transport-security: max-age=63072000; includeSubDomains
  < content-length: 1722
  < x-envoy-upstream-service-time: 237
  < date: Thu, 01 Dec 2022 23:46:42 GMT
  < server: railway

That's a 404 not found response. Are you sure that's the correct URL?

Also, you can format code blocks on Discord using three backticks if you want. 🙂

I think so but it is the first app I have tried to push up to Railway

Ok thanks

Do the other URLs for the app work as expected, or is this the only URL?

only one, I will talk to them on their discord page. I just moved over from Heroku so

Thanks so much for your time and help!

Do you have an Event ID (starts with evt_) that we tried to deliver to this endpoint but failed?

So I can look it up on our end?

no I was just doing 'stripe trigger checkout.session.completed' in a second stripe cli pane

The Event IDs should be listed over there.

After you run that command.

Oh, wait, I guess they aren't.

I'm thinking of stripe listen.

price.created [evt_1MAKyOBtD3RiHBuOEHSZkt90]

Looking...

Ah, okay, that one is showing an error from your server indicating a signature issue. Have a look in your Stripe Dashboard here: https://dashboard.stripe.com/test/events/evt_1MAKyOBtD3RiHBuOEHSZkt90

Expand the webhook attempt and look at the response from your server.

The failed one I mean.

okay

Usually signature validation issues are related to the body of the request being modified before you perform signature verification. Stripe's signature verification code needs the raw, unaltered body to work. Try adjusting your middleware to avoid anything that might access the body of the request before it hits the signature validation code.

I will chat with the Railway people tomorrow and see if I can understand the URL better.

I think the URL is correct, actually.

It worked fine the last couple on Heroku

That Event delivery attempt isn't getting a 404 or anything, it's getting an error from your code.

OK but I have not tried it in the app yet. Just in the stripe CLI

Sorry, maybe I misunderstood. The Event ID you provided above was sent to a railway.app Webhook Endpoint URL and the delivery failed. Is that not what we're discussing?

Meaning is that not the app?

No I had two panes open one inside the Railway CLI to listen and one just the stripe cli. Before I tried "stripe listen --forward-to", I was getting the following:

railway run stripe listen --events checkout.session.completed,payment_intent.succeeded

Ready! You are using Stripe API Version [2020-08-27]. Your webhook signing secret is whsec_c7e145149cb939287288089c14fa2261731cd5bc0d9fdba213d440c776ed5fb9 (^C to quit)
2022-12-01 16:39:28 --> payment_intent.succeeded [evt_3MAKTaBtD3RiHBuO1GM654vN]
2022-12-01 16:39:28 --> checkout.session.completed [evt_1MAKTeBtD3RiHBuOObzmdy9F]

I believe those were successful??

Let's focus on this one specific Event, the one you mentioned earlier: evt_1MAKyOBtD3RiHBuOEHSZkt90

That Event was sent to two different Webhook Endpoints, one of which was a railway.app URL. Do you see the destinations in the Dashboard?

Yes they all say they have a pending webhook

Okay, so is the railway.app one the app we're talking about?

yep

Okay, so in that case I believe the URL is correct, but the code needs to be altered to get this working.

Do you see the response you got back from that URL?

sorry where would I see that?

In the Dashboard, after you expand the delivery attempt for the raleway.app Webhook Endpoint URL.

Do you see the response there?

sorry I am not seeing how to get to where you are.

Go here: https://dashboard.stripe.com/test/events/evt_1MAKyOBtD3RiHBuOEHSZkt90

"message": "No signatures found matching the expected signature for payload"

Yep, so that's the response coming from your app. That's an error the code is returning.

Sorry I know you are working hard to help me but I have people waiting on me for dinner. Thanks so much

The code is receiving the Event and attempting to validate it, but failing, likely because the body of the request has been altered.

So what does that mean

It means you need to find the part of the code that's altering the body of the request before signature verification and alter it so that doesn't happen.

Are say the rails code is not working?

Yes.

So it works fine locally and on Heroku

I am just trying to move it over to Railway

My guess is something about the Railway environment changed the behavior.

Maybe there are different versions of the dependencies on Railway?

OK thats a big help, I will check with them? Thanks so much, you have been great

Happy to help! Good luck with it!