ilbeygi | Stripe Developers | Page 1

compact pebbleBOT Aug 29, 2023, 6:04 PM

#

main void Aug 29, 2023, 6:07 PM

#

Sure thing. What does your webhook handler look like right now? Can you copy/paste the code? (please redact at least half of the webhook secret and any other sensitive data before pasting, as this is a public server)

serene hollow Aug 29, 2023, 6:38 PM

#

main void Sure thing. What does your webhook handler look like right now? Can you copy/pas...

yes sure
I am using only code that suggest on the stripe docs :

<?php

require 'vendor/autoload.php';

$endpoint_secret = 'whsec_c...';

$payload = @file_get_contents('php://input');
$sig_header = $_SERVER['HTTP_STRIPE_SIGNATURE'];
$event = null;

file_put_contents(DIR . '/webhook.log', 'Payload : ' . $payload . PHP_EOL, FILE_APPEND);
file_put_contents(DIR . '/webhook.log', 'sig_header : ' . $sig_header . PHP_EOL, FILE_APPEND);

try {
$event = \Stripe\Webhook::constructEvent(
$payload, $sig_header, $endpoint_secret
);
} catch(\UnexpectedValueException $e) {
// Invalid payload
http_response_code(403);
exit();
} catch(\Stripe\Exception\SignatureVerificationException $e) {
// Invalid signature
http_response_code(404);
exit();
}

// Handle the event
switch ($event->type) {
case 'checkout.session.async_payment_succeeded':
$session = $event->data->object;
case 'checkout.session.completed':
$session = $event->data->object;
// ... handle other event types
default:
echo 'Received unknown event type ' . $event->type;
}

http_response_code(200);

main void Aug 29, 2023, 6:42 PM

#

Okay. Are you using the Stripe CLI for your webhook endpoint? Or are you using non-local webhook endpoint?

#

If it's a hosted endpoint, can you include a link to the Dashboard view of the endpoint you're troubleshooting? You can find that here: https://dashboard.stripe.com/test/webhooks

Note, you may have to toggle test mode on or off, depending of if this is a production webhook integration or not

Stripe Login | Sign in to the Stripe Dashboard

Sign in to the Stripe Dashboard to manage business payments and operations in your account. Manage payments and refunds, respond to disputes and more.

serene hollow Aug 29, 2023, 6:43 PM

#

I used both methods

compact pebbleBOT Aug 29, 2023, 6:47 PM

#

main void Aug 29, 2023, 6:51 PM

#

Okay, did you confirm that the webhook signing secret in your code is the same as the webhook signing secret that your webhook endpoint is showing? If you're using the CLI, it will show it to you when you start the listener. If you are using a hosted webhook endpoint, then it will show it to you in the Dashboard view of that specific webhook endpoint

serene hollow Aug 29, 2023, 6:58 PM

#

yes i used that

tawny marlin Aug 29, 2023, 6:59 PM

#

Which type of delivery are you testing when you see the signature verification issue?

#

direct delivery or via CLI?

serene hollow Aug 29, 2023, 7:06 PM

#

I see on both method.
and on both method i see issue !!!

Did you see my code ?

tawny marlin Aug 29, 2023, 7:06 PM

#

Ok but lets pick one

serene hollow Aug 29, 2023, 7:07 PM

#

Is there a problem with my code?

tawny marlin Aug 29, 2023, 7:07 PM

#

Maybe, hard to say so far

#

but it looks valid at a glance

#

You should log out all the constructEvent parameters and ensure they have the value you expect: $payload, $sig_header, $endpoint_secret

#

And as twoshoes noted, the endpoint secret needs to be the one the CLI shows when you run stripe listen if you handling forwarded events via the CLI

#ilbeygi