Kairo | Stripe Developers | Page 1

livid nacelleBOT Mar 30, 2023, 3:15 PM

#

pure sluice Mar 30, 2023, 3:16 PM

#

Signature verification error has nothing to do with listing line items. That error occurs when you make the call to verify the webhook signature

#

But that can be caused by many things

smoky crater Mar 30, 2023, 3:19 PM

#

Thanks. Sure. It is surprising though because i am already using this key in the first place but it does not work if i start another api call to get listLineItems.

So you saying getting listLineItems should be possible locally ?

pure sluice Mar 30, 2023, 3:22 PM

#

Can you share your webhook endpoint code? Am a bit confused here. Want to see what you're doing in entirety

bronze depot Mar 30, 2023, 3:22 PM

#

@pure sluice The relevant code is this:


async function handler (request, _h) {
  const payload = request.payload.toString()
  const signature = request.headers['stripe-signature']

  try {
    const event = Stripe.webhooks.constructEvent(
      payload,
      signature,
      Config.stripe.secret
    )

    switch (event.type) {
      case 'checkout.session.completed': {

        const checkoutSession = event.data.object
        console.log('checkout.session.completed checkoutSession', JSON.stringify(checkoutSession, null, 2))

        const lineItems = await Stripe.checkout.sessions.listLineItems(checkoutSession.id)
        console.log('lineItems', lineItems)

      default: {
      }
    }

    return { received: true }
  } catch (err) {
  }
}

The verification works just fine - but the call to checkout.sessions.listLineItem fails.

smoky crater Mar 30, 2023, 3:24 PM

#

Yes this is the relevant code

pure sluice Mar 30, 2023, 3:31 PM

#

Doesn't make sense why you're getting a signature verification error though

#

Do if you comment out just that 1 line everything works?

bronze depot Mar 30, 2023, 3:34 PM

#

well, there is only the webhook validation ... it's the only additional call we need .... to get the line_items (that unfortunately are no longer available right on the webhook)

#

and that call fails

#

now the question is whether that could be related to the local testing

#

and whether it might work in a live/test environment

#

or whether something else is off

pure sluice Mar 30, 2023, 3:39 PM

#

Can you just try to comment out that line and test if it works? Signature verification error has nothing to do with listing line items

smoky crater Mar 30, 2023, 3:40 PM

#

if we comment out "Stripe.checkout.sessions.listLineItems" it works just fine

pure sluice Mar 30, 2023, 3:47 PM

#

Can you share a screenshot of the error message then?

bronze depot Mar 30, 2023, 4:00 PM

#

The "ERROR stripe webhook signature verification" was misleading.
The real error is:

Invalid API Key provided: whsec_ad**********************************************************4831

smoky crater Mar 30, 2023, 4:00 PM

#

Hi,
this is the more specific error message happening

StripeAuthenticationError: Invalid API Key provided: whsec_ad**********************************************************4831
    at res.toJSON.then.Error_js_1.StripeAPIError.message (***/node_modules/stripe/cjs/RequestSender.js:96:31)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5) {
  type: 'StripeAuthenticationError',
  raw: {
    message: 'Invalid API Key provided: whsec_ad**********************************************************4831',
    type: 'invalid_request_error',
  /// left out
  requestId: undefined,
  statusCode: 401,
  charge: undefined,
  decline_code: undefined,
  payment_intent: undefined,
  payment_method: undefined,
  payment_method_type: undefined,
  setup_intent: undefined,
  source: undefined
}
```

pure sluice Mar 30, 2023, 4:00 PM

#

Oh that makes much more sense

#

Ok I have to head out, but @gray rune can take over from here

#

Thanks for the clarity

gray rune Mar 30, 2023, 4:07 PM

#

It looks like you're using a webhook signing secret instead of your API key. The signing secret is specifically for verifying webhooks and can't be used in place of an API key

bronze depot Mar 30, 2023, 4:12 PM

#

Would the local testing with the cli client also somehow provide a response to the API call?
I somehow cannot imagine how that works.

#

unless the cli creates the object on the stripe backend ... afterall out backend will talk to the stripe backend

gray rune Mar 30, 2023, 4:13 PM

#

Would the local testing with the cli client also somehow provide a response to the API call?
I don't understand the question. Can you rephrase?

bronze depot Mar 30, 2023, 4:14 PM

#

alright .... webhook testing with the stripe cli client is easy and clear ... it basically builds a proper event and sends it to the locally running backend ... that makes sense

#

now we are trying to make a call to the stripe backend to read the line items

#

but the event object just came from the local stripe cli sending the event

#

I would assume the when we talk to the stripe backend to read the line items - it does not know anything about that session object

#

as it just came from the locally running stripe cli

#

is that assumption true or false?

gray rune Mar 30, 2023, 4:17 PM

#

I would assume the when we talk to the stripe backend to read the line items - it does not know anything about that session object
Stripe CLI creates real objects on your real Stripe account. These are not merely local objects

#Kairo