#dr3w1792

What's the event ID?

evt_1NhmMRKkCMehlZf7LYlm2HaF

Are you using the webhook secret from Dashboard or CLI?

dashboard, I switched from the cli one when I was testing locally

Is your webhook endpoint's server time correct?

i am using aws so I would assume so but do you know how I could check that?

No, maybe you want to check with AWS?

ok i verified that it is the correct time

OK. Can you share with me your code related webhook handling?

sure

@csrf_exempt
def stripe_webhook(request):
    event = None
    payload = request.body
    sig_header = request.META.get('HTTP_STRIPE_SIGNATURE', '')
    endpoint_secret = 'whsec_wuqPPGrRyPxQFtylWdNFMG2NTD87fn2z'
    
    try:
        event = stripe.Webhook.construct_event(payload, sig_header, endpoint_secret)
    except ValueError as e:
        # Invalid payload
        raise e
    except stripe.error.SignatureVerificationError as e:
        # Invalid signature
        raise e

    # Handle the event
    if event['type'] == 'checkout.session.completed':
        checkout = event['data']['object']
        biz=Business.objects.get(id=checkout['metadata']['biz_id'])
        type=checkout['metadata']['type']
        if type == 'premium':
            biz.set_premium(checkout.subscription)
        elif type == 'badge':
            badge_list = json.loads(checkout['metadata']['badge_list'])
            for badge_id in badge_list:
                badge = Badge.objects.get(id=badge_id)
                biz.badges.add(badge)
            biz.save()

    elif event['type'] == 'customer.subscription.deleted':
        subscription = event['data']['object']
        subscription_id = subscription['id']
        business = Business.objects.filter(subscription_id=subscription_id).first()

        business.subscription_status = 'canceled'
        business.subscription_end = datetime.now(pytz.utc)

    else:
      print('Unhandled event type {}'.format(event['type']))

    return JsonResponse({'success': True})

I think you should get the signature header from stripe-signature

instead of HTTP_STRIPE_SIGNATURE?

Yes, please refer to the sample code in https://stripe.com/docs/webhooks/quickstart?lang=python

ah ok, I am doing a quick deploy to see if that fixed the issue

still getting the same error

Change
sig_header = request.META.get('HTTP_STRIPE_SIGNATURE', '')
to
sig_header = request.headers.get('stripe-signature')

so request.headers is a flask thing, does not work in django

I was getting errors when I had that initally

I see, perhaps you want to find out what's the equivalent function to get all headers in Django?

print the content of this META dict and see if stripe-signature is inside it.

it is interesting it is working locally, but not when deployed to production

should I be seeing the stripe_signature without http before it when running locally?

i'm not too familiar with python but you should be able to check / verify from our sample

So when checking locally I see http_stripe_signature (the one i had)

but not stripe_signature

im wondering if because locally its an http request, while the production webhook is https?

like what jack mentioned, you should log all the headers and see what you can find

i just did and am telling you what i see

locally i see http_stripe_signature

not stripe_signature

alright, and what about in production? the problem is in production right?

ya I just verifying before deploying for 10 minutes that I may get a different header name in production vs local

but if its unkown ill deploy and see