#talker1284

1 messages · Page 1 of 1 (latest)

silent talonBOT
upbeat kestrel
#

It's a 500 error returned from you server, and the response we have got is

The signature for the webhook is not present in the Stripe-Signature header.
#

Could you put debug on your code and see where and how it threw this error?

solar bison
#

It's failing at
stripeEvent = EventUtility.ConstructEvent(json, signatureHeader, secret);
The signatureHeader comes from the webhook, and the secret matches up with the secret on the webhook page.

#

I belive this usually happens when the secret is not correct.

#

we are reconstructing the stripe event from the webhook but for some reason Stripe.Net is throwing an error.

#

this does not make sense and seems like it may be some type of bug on the stripe end. I don't have control over the StripeSignature that comes from teh webhook. I verified that the secret that I am providing matches the secret associated with this particular webhook, and the code fails at the part where your EventUtility tries to reconstruct the event. We are doing this in other environments, the only difference here is that we have duplicated webhooks on the same event pointing to two seperate environments.

upbeat kestrel
#

Sorry to hear that, but if you log all the headers of incoming request, what else do you see (or how does it look in compare to a working environment)?

silent talonBOT
solar bison
#

I logged the stripe signature header which i think is the only applicable header that would cause this. The stripe signature is unique per request, nothing really to compare it to.

#

is there any other reason this EventUtility would fail to construct the event?

#

is there some rule that says an event can only be reconstructed once?

fallow pier
#

Hi there 👋 taking over, as my colleague needs to step away

Are you hardcoding the webhook signature in your handler? If so, can you confirm it's the same one that's in that specific webhook endpoint in the Stripe Dashboard? You can find it in the top right corner here: https://dashboard.stripe.com/test/webhooks/we_1NwpuQBdDrchzztV4ZJvr3v9

Stripe Login | Sign in to the Stripe Dashboard

Sign in to the Stripe Dashboard to manage business payments and operations in your account. Manage payments and refunds, respond to disputes and more.

#

Sorry if you already did this, just want to make sure we're checking off all the troubleshooting steps

solar bison
#

it's not hard coded it comes from the parameter store in aws, but as you can see in the datadog log that it matches the exected webhook from stripe webhook dashboard.

fallow pier
#

Got it, okay. Thanks for doing that. Also, I deleted the screenshots since they contained sensitive signing secrets and this is a public server

solar bison
#

ok, your url path also contains the secret btw

fallow pier
#

That just contains the webhook endpoint ID. That's not the secret

#

Hmmm, that misunderstanding might explain a few things. The signing secret starts with whsec_ can you confirm that that's what you're using in your code?

solar bison
#

this comes from Stripe.Net library, 3rd parameter it is named secret. 2nd parameter is the stripe signature that comes from the header.

Screenshot_2023-10-03_at_1.43.48_PM.png
#

where do i get the signing secret?

#

that may be the issue

#

i was told it was this we_1NwpuQBdDrchzztV4ZJvr3v9

fallow pier
#

You have to click to reveal it