#dvsk

The webhook can be created either in Dashboard or via API. Both will work

Here is the guide of registering the Webhook endpoints: https://stripe.com/docs/webhooks/go-live

yes.. so when I do router.post('/webhook', express.raw({ type: '/' }), async (request, response) => {***}) in my express app, does this mean creating a webhook endpoint or just using the already existing endpoint that's in the dashbaord?

This should just be consuming the events after registering webhook endpoint in the Dashboard

The code shouldn't need to register the webhook endpoint

ok...so registering webhook endpoint in the Dashboard means creating the webhook endpoint correct?

Your server should create the Webhook endpoint URL to receive the events first, then register it in the Dashboard

If you're referring to creating the webhook endpoint as setting up your defined webhook URL in the Dashboard, then yes - it's the same as registering webhook endpoint

ok...so actually when I do router.post('/webhook', express.raw({ type: '/' }), async (request, response) => {***}) in my express app, I see that without the stripe API key the app works fine but only webhook secret is required for authentication... Is it expected way because here I am just consuming the already created webhook in the dashboard?

Yes, this is correct

oh! so I can just write const stripe = require('stripe') in the beginning of file for requiring stripe, instead of const stripe = require('stripe')('stripe api key')?

When you verify the signature using sstripe.webhooks.constructEvent(), it requires stripe = require('stripe')('stripe api key') to be initialised

I expected that that's how it has to work but my application, I mean the payment just seems to work fine without the correct value of stripe api key.

In signature validation, it uses Webhook secret. If you make additional request to Stripe in the same code, then API key will be used such as retrieving more object information

no I am not doing any API call further except only this like here https://stripe.com/docs/payments/handling-payment-events#create-webhook

I am little confused here... if its actual creation of webhook or just consuming the already created one in the dashboard... Also, I don't remember if I created one in the dashboard, but I see hosted webhook endpoints in the dashboard

If you follow this guide (https://stripe.com/docs/payments/handling-payment-events#create-webhook), then it's just consuming the events from the created one in the Dashboard

I don't remember if I created one in the dashboard, but I see hosted webhook endpoints in the dashboard
Can you share your account ID, so that I can check how your webhook endpoint was created? You can find your account ID by logging in to https://dashboard.stripe.com/settings/account. It'll be in the upper right hand corner and looks like acct_123

ok

The webhook endpoints were created via Dashboard. You can check the user who created the Webhook endpoint here:

• https://dashboard.stripe.com/logs?object=we_1MtFxAFs13pW43i9Xnr4cLKX
• https://dashboard.stripe.com/logs?object=we_1MtFvtFs13pW43i9gDZTpER8

ok thanks a lot River...for your help today

No problem! Happy to help 😄

And one last thing again, in my case this 'stripe api key', though not provided, the webhook doesn't throw any error... I am not able to understand how can that happen at all...

As mentioned, API key is only used when you attempt to make a request to Stripe. In this case, your webhook only consumes the event from Stripe and no request is made to Stripe, API isn't used and won't be validated

oh! in stripe.webhooks.constructEvent method also is it not required, because stripe is initialised from the api key

It is initialised from API key, but it's not used in stripe.webhooks.constructEvent()

Only secret key is used to validate the event, not API key

okay thank you 🙂