#mccoypauley

hey there, yes you can absolutely do everything in test mode on a public site, including webhooks

can you share an example event ID you expect to have delivered but didnt?

Locally you're using the CLI to forward events?

Yes, locally I use the CLI (or events triggered by my interacting with the website)... I'm seeing the events get triggered in the Dashboard on staging, but it's returning a 400 bad request so I'm combing through the log to see if something is behaving differently in the staging server than my local environment

Okay it looks like it's because the signature is invalid

(coming from the SignatureVerificationException)

Ok, that makes sense

WHen you moved from your local server to the public site, did you replace your endpoint signing secret?

so I have an endpoint signing secret that comes from the Stripe CLI key

The CLI provides a secret to verify forwarded events, but the direct delivery to your public endpoint needs to use the secret you can find in the dashboard for that endpoint

oh i see, so the secret given by the webhook itself?

instead of the CLI secret

Yes

correct

got it, thank you!!

let me give that a shot

would it look something like we_XXXXXXXX

It would look like whsec_

That's the endpoint id -- the signing secret is as pompey notes

oh i see, "Signing Secret"

not the one in the top corner

Right

cookin' with fire! it works!