#fg.samuel

Hey there

event = stripe.Webhook.construct_event(
            payload, sig_header, endpoint_secret
        )

YOu mentioned the CLI, but not explicitly if you're forwarding to localhost via the CLI. Are you doing that?

Or are these events being delivered directly by stripe to a public endpoint?

Hi.

I launched my application locally and used Ngrok to create a public URL.

In the Stripe dashboard, I configured this Ngrok address as a webhook.

Then, I simply trigger it from the CLI on my machine.

I did not set up any redirection within the CLI.

If you are forewarding via the CLI, ensure your endpoint_secret (or STRIPE_ENDPOINT_SECRET) is the whsec_123 value returned by the CLI when you start stripe listen --forward-to...

Ok, so thats not applicable

Have you added some debug logging to ensure payload, sig_header, endpoint_secret all contain the expected values?

The most common issue here is that construct_event requires the raw request body

Often various server framework automatically parse json data and mutate the request body, and then signature verification won't work

I see you're using request.data instead of request.body -- where does that come from? What does it contain?

How to get the raw request body will depend on your particular framework

Humm. Let me check the request.data

Is the content of the request.data variable coming in binary format? Is this correct?

When I try to use the request.body variable, it throws an error in the application. It doesn't recognize it.

Is the server framework that you are using here flask, django, or something else?

flask

Awesome, I have a test flask server myself, checking in to this

Perfect.

Yeah data is a bythe array https://flask.palletsprojects.com/en/2.3.x/api/#:~:text=with the request.-,property data%3A bytes,-¶

    request_data = json.loads(request.data)
    signature = request.headers.get("stripe-signature")

    try:
        endpoint_secret = secrets[hook]
        
        event = stripe.Webhook.construct_event(
            payload=request.data, sig_header=signature, secret=endpoint_secret
        )```

So that should be the raw request body. I would recommend checking your sig_header and endpoint_secret variables to make sure they are the exact values that you expect

I will do this now. Just a sec

endpoint_secret is somehting like whsec_...
sig_header:

't=1689797189,v1=...,v0=...'

and still getting error

I obtained this key that starts with "whsec" at the moment I started the client's listen.

Those both sound right. Trying to think of what else may be wrong here.

I'm running some tests. If I find the solution, I'll let you know. Likewise, if you find it, please inform me. 😆

Can you try downloading our sample webhook server (for Python it uses flask) and see if you can successfull construct events with our sample code? https://stripe.com/docs/webhooks/quickstart?lang=python

If not, I am wondering if this is a flask versioning thing as that code definitely works on my machine.

Sure. I will try it now.
One moment

Guys, I'm really embarrassed...

The problem was an inappropriate space character in my key.

You were sensational. I apologize for the inconvenience and I am very grateful for your help which was very quick and effective.

I can't believe I lost an hour and a half of my day because of a space character... hahahahhahaa

Nice catch! Those can be hard to find. No worries and glad we could help

Definitely have lost time like that myself

The funny thing about programming is that it feels like a roller coaster. Sometimes we solve big problems and feel invincible, and on other days we can't make progress because of a character in the wrong place. Heheheh

Thank you very much.