bmizerany1234 | Stripe Developers | Page 1

livid coveBOT Sep 18, 2023, 8:53 PM

#

summer canopy Sep 18, 2023, 8:55 PM

#

Hello! I don't think there are special considerations for Stripe Apps when it comes to webhooks. Can you tell me more about what you've tried and what's not working?

night jolt Sep 18, 2023, 8:58 PM

#

Yes

#

I'm using this https://pkg.go.dev/github.com/stripe/stripe-go/webhook#ValidatePayload

#

With the raw payload as it comes in on the wire, the Stripe-Signature header, and the webhook secret I get from stripe listen ...

#

I get an error saying it doesn't work

summer canopy Sep 18, 2023, 9:00 PM

#

It's very likely the raw body is being altered before it reaches that function. It's common for middleware or other code to modify it. Can you check for anything that could potentially be doing that?

night jolt Sep 18, 2023, 9:02 PM

#

There is not

#

It's going direct to my backend

#

untouched

#

localhost:4242

summer canopy Sep 18, 2023, 9:04 PM

#

The only other explanation is that you're using the wrong secret, but that seems unlikely since you're using the CLI and copying and pasting the one it's providing. Can you confirm the copy and paste didn't miss a character, or include extras?

night jolt Sep 18, 2023, 9:05 PM

#

I'm perplexed as to how this "event" is actualyl going through the Stripe event queue/system

#

It's literally making a raw fetch request to localhost:4242 using the fetchWhateverSignatureThing()

#

one sec

summer canopy Sep 18, 2023, 9:05 PM

#

What is "it"?

night jolt Sep 18, 2023, 9:05 PM

#

#

The Stripe Extension App

#

that is right out of an example

#

from stripe

#

it says to add that header, then use the backend SDK to verify

summer canopy Sep 18, 2023, 9:06 PM

#

You're asking about fetchStripeSignature()?

night jolt Sep 18, 2023, 9:07 PM

#

I'm asking about how to verify on the backend that the signature I get in Stripe-Signature was in fact something that come from fetchStripeSignature() which came form the Stripe Ext App SDK

#

more context:

#

summer canopy Sep 18, 2023, 9:08 PM

#

You said, "that is right out of an example." Can you point me to the example?

night jolt Sep 18, 2023, 9:08 PM

#

https://github.com/stripe/stripe-apps/blob/954a21bc807671e72a126ac04d72e2ac88063f5d/examples/basic-auth/frontend/src/views/App.tsx#L113-L125

summer canopy Sep 18, 2023, 9:11 PM

#

Oh, okay, so this isn't really about webhooks, this is about ~~authenticated~~ signed requests from your Stripe App to your backend. Have you done Step #3 here to get the signing secret? https://stripe.com/docs/stripe-apps/build-backend#before-you-begin

night jolt Sep 18, 2023, 9:14 PM

#

yeah

#

it says run stripe listen

#

I did. It spits out a secret

#

I think I may see the problem

summer canopy Sep 18, 2023, 9:15 PM

#

Sorry, not sure I'm following. You did this and it led you somewhere that says to run stripe listen?

Captured_on_2023-09-18_at_14.15.132x.png

night jolt Sep 18, 2023, 9:16 PM

#

Ah

#

All this talk about webhooks and the code using a function called "webhook.verify" had me going down the wrong path

summer canopy Sep 18, 2023, 9:22 PM

#

Did the signature from the details page work?

night jolt Sep 18, 2023, 9:32 PM

#

I think so

#

checking

#

yeah it did

#

thank you!

#bmizerany1234