myoussef-webhook-secret | Stripe Developers | Page 1

serene fossilBOT Jun 28, 2023, 8:26 PM

#

sturdy egret Jun 28, 2023, 8:26 PM

#

Hello, apologies the server is busy

#

What do you need help with in regards to the secret key? Are you getting an error somewhere?

prime pagoda Jun 28, 2023, 8:27 PM

#

never mind, thanks for your help
i want to make sure which secret key that i should use when take webhook to live
I followed Stripe documentation in this link
https://stripe.com/docs/webhooks/quickstart

#

and i added this line
const string endpointSecret = "whsec_...";

#

what is the value of this variable endpointSecret that i should use in production ? where to get it ?

sturdy egret Jun 28, 2023, 8:35 PM

#

When you create the endpoint on this page, the page will show you the secret https://dashboard.stripe.com/webhooks

serene fossilBOT Jun 28, 2023, 8:44 PM

#

prime pagoda Jun 28, 2023, 8:44 PM

#

i tried now to create new webhook and i did not find the key that you mentioned

#

only code sample at the right side of screen and this comment is appear at the top of the secret key

    // This is your Stripe CLI webhook secret for testing your endpoint locally.

sturdy egret Jun 28, 2023, 8:47 PM

#

There should be a section on that page named "Signing Secret" that has a link named "Reveal" under it

#

prime pagoda Jun 28, 2023, 8:51 PM

#

the length of this key is 38 character (is that correct?) because the testing one was 70 charcter

fleet saddle Jun 28, 2023, 8:52 PM

#

myoussef-webhook-secret

#

You're likely mixing up an API key like sk_test_123 and a webhook endpoint secret like whsec_123

#

prime pagoda Jun 28, 2023, 8:55 PM

#

no, when i tired to click on Add-End-Point button, there is a sample of code at right, this code contains a value for this key and lenght is 70 chars,
by the way if the 38 one is correct, just confirm to use it please

fleet saddle Jun 28, 2023, 8:56 PM

#

I can't tell you. What matters is the exact prefix I just explained above. As long as you use those values (which you can match to what the Dashboard tells you) you'll be fine

prime pagoda Jun 28, 2023, 8:57 PM

#

i can not get the answer, can you calrify more what is the key that i should use for webhook to take it to live ?

fleet saddle Jun 28, 2023, 9:02 PM

#

You're likely mixing up an API key like sk_test_123 and a webhook endpoint secret like whsec_123

#

Sorry Discord is really busy right now and I don't really get your question. You ask "what is the keuy" and there are multiple different keys. So I can't really answer without more specific details. But I explained above what the 2 types of "secret" or "keys" look like

prime pagoda Jun 28, 2023, 9:04 PM

#

i appreciate your help, what i need is , this variable in this link
const string endpointSecret = "whsec_...";

is the value is coming from webhook screen (sigining secret) ?
https://stripe.com/docs/webhooks/quickstart

fleet saddle Jun 28, 2023, 9:05 PM

#

Okay so yes that is the "signing secret" associated with your WebhookEndpoint and you should make sure that value matches what you see if you click "Reveal" to be safe (but it should be, though what's the point of the Reveal button if we put it right there in clear text 😅 )

prime pagoda Jun 28, 2023, 9:06 PM

#

thanks

#

is there a way to secure the webhook end point from calling it outside stripe ?

fleet saddle Jun 28, 2023, 9:07 PM

#

https://stripe.com/docs/ips#webhook-notifications is a way

#

you basically only lets requests from our real documented IPs and block everything else

prime pagoda Jun 28, 2023, 9:11 PM

#

Thanks a lot

#myoussef-webhook-secret