theryanmark | Stripe Developers | Page 1

sick pelicanBOT Oct 2, 2023, 8:04 PM

#

fallen scarab Oct 2, 2023, 8:06 PM

#

Hey toby if i don't aswer right away I am back ad forth betwee screens.

gritty swallow Oct 2, 2023, 8:14 PM

#

Hi there 👋 apologies for the delay. That error typically indicates one of two problems.

The webhook signing secret in your code is not correct. That can happen when migrating to new endpoints, as each webhook endpoint has a unique signing secret, and the Stripe CLI also generates its own.
The body of the request is being altered before the signature validation occurs. This can happen with some middlewares that try to proactively parse/trim/etc bodies, but breaks our flow as our verification process is very sensitive to the request body being changed.

fallen scarab Oct 2, 2023, 8:17 PM

#

No worries. I think #1 is more likely seeing as how it was working locally. so I am in test mode on my dashboard and I was using my test secret locally ad it was working with the CLI. I made an official endpoint in test mode on the dashboard. should I be doing something different now?

gritty swallow Oct 2, 2023, 8:30 PM

#

If your code wasn't hitting signature validation errors when testing, then yes, I would suspect it's the signing secret that needs to be updated. The CLI is a great way to start testing endpoints, and creating an actual test endpoint is the next step. When doing so a signing secret for that test endpoint should have been created, you'll need to update the code for that endpoint so that it uses the signing secret associated with it.

fallen scarab Oct 2, 2023, 8:34 PM

#

got it I am looking in to it. one other question. I am only accepting CC, I could use the return url to implement functionality within my app correct?

gritty swallow Oct 2, 2023, 8:36 PM

#

Sorry, I'm not sure what you're trying to ask there. The return url on what type of object?

fallen scarab Oct 2, 2023, 8:39 PM

#

sorry the success_url & cancel_url on checkout session

gritty swallow Oct 2, 2023, 8:42 PM

#

Gotcha, yeah, you can use those to trigger processes in your environment. A word of caution about doing so, is that those flows may break if something prevents a customer from being able to reach those urls, like they unexpectedly lose network access, or immediately close their tab/window after completing the payment but before the redirect completes. Those are the concerns that lead us to typically reocmmend using webhook endpoints for triggering downstream processes instead of those urls.

sick pelicanBOT Oct 2, 2023, 8:44 PM

#

fallen scarab Oct 2, 2023, 8:45 PM

#

Copy Thank you

#theryanmark