#santiago-webhook-php

Hello! We'll be with you shortly. Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

• santiago-checkout-returnurl, 18 hours ago, 39 messages
• santiago-checkout-csp, 2 days ago, 44 messages

Is your integration changing the header in any way? Can you do a console log to verify the signatures manually?

It is not changing, anything, it is on the webhook itself, using php?. not the success page. so it technically comes from stripe directly, this is the code,straight from the demo.

Hello! I'm taking over and catching up...

<?php
require '../vendor/autoload.php';
// Set your secret key. Remember to switch to your live secret key in production.
// See your keys here: https://dashboard.stripe.com/apikeys
\Stripe\Stripe::setApiKey('sk_test_***');

// You can find your endpoint's secret in your webhook settings
$endpoint_secret = "whsec_***";

//error log for checkign output
$log_file = "errors.log";

$payload = @file_get_contents('php://input');
$sig_header = $_SERVER['HTTP_STRIPE_SIGNATURE'];
$event = null;

try {
$event = \Stripe\Webhook::constructEvent(
$payload, $sig_header, $endpoint_secret
);
} catch(\UnexpectedValueException $e) {
// Invalid payload
error_log("\n\nInvalid Payload!\n\n",3,$log_file);
http_response_code(400);
exit();
} catch(\Stripe\Exception\SignatureVerificationException $e) {
// Invalid signature
error_log("\n\nInvalid Signature!\n\n",3,$log_file);
http_response_code(400);
exit();
}

error_log("\n\nPassed signature verification!\n\n",3,$log_file);
http_response_code

thiss is the code that 'redirects' to the payment page. if it is of any help

<?php
require '../vendor/autoload.php';
$stripe = new \Stripe\StripeClient('sk_test_****');

$data = json_decode(file_get_contents("php://input"));
if(!isset($data)){
echo "no data";
//header('Location: /local_upload/');
}
else {
session_start();
//add check if valid json data and all json keys are non null
//after check do this
$_SESSION['json'] = $data;
$checkout_session = $stripe->checkout->sessions->create([
'line_items' => [[
'price_data' => [
'currency' => 'usd',
'product_data' => [
'name' => 'Hosting Ads Promo',
],
'unit_amount' => $data->price,
],
'quantity' => $data->quantity,
]],
'mode' => 'payment',
'success_url' => 'success.php?session_id={CHECKOUT_SESSION_ID}',
'cancel_url' => '/',
]);

echo $checkout_session->url;
}

Are you certain your whsec_ is correct? You're using the one from the Dashboard?

the redirect is done on serverside

yes, i' m using the one from dashboard

copy/pste

What's the exact error you're getting?

Oh, wait.

This won't work: $data = json_decode(file_get_contents("php://input"));

Where did you get this code?

Hang on... I'm confused about your code. It came in two chunks, but I'm not sure how they relate?

oh, the second one is just the call to the payment form url, I just sent it because you asked me if it modifies the headers in anyway.

the logfile now does not show 'invalid signature' but neither shows the 'passing' message that is put there

Okay, wait, let's back up. What Event type are you trying to listen for?

checkout.session.completed?

i'm sorry it still shows invalid signature..

yes i'm listening to checkout.session.completed.

Okay, what's the full error message you're getting?

I was just following the documentation for making sure it comes from stripe

to the webhook

just says 'invalid signature'

so it is showing this part

catch(\Stripe\Exception\SignatureVerificationException $e) {
// Invalid signature
error_log("\n\nInvalid Signature!\n\n",3,$log_file);
http_response_code(400);
exit();

Can you give me the ID of one of the checkout.session.completed Events which is triggering the error?

anythng it ry does that, let me try to get it from cli

last test i did

i believe is this one

←[2m2023-11-02 19:11:14←[0m --> ←]8;;https://dashboard.stripe.com/test/events?
type=checkout.session.completed←\←[1mcheckout.session.completed←[0m←]8;;←\ [←]8;
;https://dashboard.stripe.com/test/events/evt_1O8A2YFNub1c9E7EpZz0FvxZ←\evt_1O8A
2YFNub1c9E7EpZz0FvxZ←]8;;←]

So this is all local? You're not trying to send this to an actual Webhook Endpoint yet?

Meaning you're sending it to your locally running code with stripe listen?

oh, ok that might make sense, it is actually online the webhook, not local

this is how i did it, thoughti t'll work

What URL are you trying to send it to?

stripe listen --forward-to https://guesthostad.lcisitmedia.com/webhook.php

i think

i mean it is like that, not sure if i made at typo but is that one

Ah, okay, so when you have your server online you should create an actual Webhook Endpoint in the Dashboard, not use stripe listen.

http://guesthostad.lcsitmedia.com/webhook.php

here you go

yes, i created a webhook on the dashboard

oh but i cannot use the cli to listen ?

No, that's not how it works.

You created a Webhook Endpoint here? https://dashboard.stripe.com/test/webhooks

let me see where it was

oh was actual webhook aparently

https://dashboard.stripe.com/webhooks

there

do i have to create it on the /test/webhook for signature to be validated?

when tsting?

Yes.

Test and live mode are separate, your live mode Webhook Endpoint won't receive Events from test mode.

stripe listen is only designed to relay Events from Stripe to your locally running web server when it's not online. If you have a server online you should set up a Webhook Endpoint in the Dashboard to send Events to it, not use stripe listen.

oh ok, i thought i could just forward it to my webhook online because i just wanted to check the 'checkout.session.completed event.

quick question, once session completed on the webhook call , can i redirect directly from webhook to success page ?. or if not, how can i send some data to the webhook page? that i collected from the user?. since the user never visits the webhook url

No, the communication between Stripe and your Webhook Endpoint is entirely separate from what happens with the customer. If you want to customize the success page you can add {CHECKOUT_SESSION_ID} to your success_url. It will be replaced by the Checkout Session ID, which you can fetch when your success page is loaded.

More info here: https://stripe.com/docs/payments/checkout/custom-success-page

ok, so basically customer sends a picture and i want it to be 'saved' afterpayment is successful but i also do not want customer to access /success.php directly afterthey try it, so i thought maybe just saving it after webhook event has received checkout.session.completed. but looks like i cannot really do that, i think however i can do something different.. thanks for the help , yes i read that was trying to figure out, the session id just has customer information right ? nothing that shows 'session_completed" /

To clarify, you want people to upload a photo after they successfully pay?

is actually before, just wanted a way to send the session.completed so it checks for it before uploading photo.

i've tried with the test endpoint and still have invalid signature

You're using the whsec_ value from the test mode Webhook Endpoint you set up in the Dashboard? Not the live mode one?

yes i just figure that out

forgot to save it

I'm still not understanding about the photo. They upload the photo first, then you send them to Checkout?

correct

i see on the webhook the payload says payment_status = paid'

Yep.

yes, however i still cant see 'passes signature verification'

You're still seeing the invalid signature error?

no, i think maybe is the way i'm logging it, i was able to see passed signature verification now, but i added a error_log($payload); right inside try after creating the event

and doesn't show it . but i'll check that, is probably on my wend

altough any help is appreciated. here is that part of the code.

  $event = \Stripe\Webhook::constructEvent(
    $payload, $sig_header, $endpoint_secret
    
  );
  error_log($payload);
} catch(\UnexpectedValueException $e) {
  // Invalid payload
  error_log("\n\nInvalid Payload!\n\n",3,$log_file);
  http_response_code(400);
  exit();
} catch(\Stripe\Exception\SignatureVerificationException $e) {
  // Invalid signature
  error_log("\n\nInvalid Signature!\n\n",3,$log_file);
  http_response_code(400);
  exit();
}

error_log("\n\nPassed signature verification!\n\n",3,$log_file);
http_response_code(200);````

why i only get the passed signature verification' and not the 'payload' inside the try ?

I don't understand your question

santiago-webhook-php

with that code, that i have error_log($payload); inside the try {} bracket

shouldn't it be saved to the logfile? i only get 'passed signature verification' at the end

You have a try/catch. If something fails an exception is raised. Here an exception is raised by constructEvent() which is called before the error_log so that's all expected.
Move it above

how can i see the execption because it is supposed to be for signature or payload and supposedly they both passed.. ,

you have a catch, and there you can log all the information.

we do nothing fancy here, it's normal/basic PHP so you might want to refer to https://www.php.net/manual/en/language.exceptions.php