stripeuser_96421 | Stripe Developers | Page 1

young sandalBOT Dec 1, 2023, 1:35 PM

#

chrome knoll Dec 1, 2023, 1:35 PM

#

Hi, let me help you with this.

#

What's exactly your challenge?

steady hornet Dec 1, 2023, 1:36 PM

#

I created a payload like this : "1701436772".{ "id": "evt_1OILG0Fnpfya5sMz9zQg2cOG", "object": "event", "api_version": "2022-11-15", "created": 1701393064, "data": { "object": { "id": "po_1OIL8vFnpfya5sMzufFyJI4h", "object": "payout", "amount": 124529, "arrival_date": 1701388800, "automatic": true, "balance_transaction": "txn_1OIL8vFnpfya5sMzbnEhExxE", "created": 1701392625, "currency": "eur", "description": "STRIPE PAYOUT", "destination": "ba_1OFZswFnpfya5sMzwY78UQyG", "failure_balance_transaction": null, "failure_code": null, "failure_message": null, "livemode": false, "metadata": { }, "method": "standard", "original_payout": null, "reconciliation_status": "in_progress", "reversed_by": null, "source_type": "card", "statement_descriptor": null, "status": "in_transit", "type": "bank_account" } }, "livemode": false, "pending_webhooks": 1, "request": { "id": null, "idempotency_key": null }, "type": "payout.created" }

#

is it a right format?

#

because the signatures are not matching

chrome knoll Dec 1, 2023, 1:39 PM

#

What are you trying to do?

steady hornet Dec 1, 2023, 1:40 PM

#

trying to check if the data is coming from stripe only. so using hmac and matching the signature

#

I have created a webhook which is receiving events from stripe

#

I just want to confirm if the data is coming from stripe by using hmac functionality

chrome knoll Dec 1, 2023, 1:45 PM

#

You shouldn't create payloads yourself, this won't work.

steady hornet Dec 1, 2023, 1:45 PM

#

okay, then what is the right way to achieve this

chrome knoll Dec 1, 2023, 1:47 PM

#

Trigger test events on your Stripe account and see if your webhook endpoint receives it.

steady hornet Dec 1, 2023, 1:47 PM

#

yes that is working

#

what next

chrome knoll Dec 1, 2023, 1:50 PM

#

What do you mean?

steady hornet Dec 1, 2023, 1:51 PM

#

Step 2: Prepare the
signed_payload
string

The signed_payload string is created by concatenating:

The timestamp (as a string)
The character .
The actual JSON payload (that is, the request body)

#

documentation says this

#

thats why I am preparing the signed payload

#

is it not correct way?

chrome knoll Dec 1, 2023, 1:53 PM

#

steady hornet documentation says this

What documentation?

steady hornet Dec 1, 2023, 1:54 PM

#

https://stripe.com/docs/webhooks#best-practices

Use incoming webhooks to get real-time updates

Listen for events on your Stripe account so your integration can automatically trigger reactions.

#

this is the documentation I am following

#

It suggests to create a signed_payload by concatenating :

#

The timestamp (as a string)
The character .
The actual JSON payload (that is, the request body)

chrome knoll Dec 1, 2023, 1:55 PM

#

Why do you need to verify signatures manually?

steady hornet Dec 1, 2023, 1:56 PM

#

It will be done in apigee layer which is receiving the event. but it is failing there.

#

when I check logs , I try to recreate it manually and it still doesnot work

#

what is the way of verifying the signature?

chrome knoll Dec 1, 2023, 1:57 PM

#

https://stripe.com/docs/webhooks#verify-official-libraries

steady hornet Dec 1, 2023, 1:59 PM

#

okay, but can you please tell me why it is not working with manual approach?

chrome knoll Dec 1, 2023, 2:01 PM

#

I am not familiar with this approach. I can dive into it, if the recommended approach doesn't work for you.

steady hornet Dec 1, 2023, 2:03 PM

#

I doubt in apigee we can import any external libraries,. it has very limited support

#

it will be great if you can help me with manual approach

#

can someone else help me with manual approach

#

hello

#

@chrome knoll are you there

steady hornet Dec 1, 2023, 2:54 PM

#

can someone help

young sandalBOT Dec 1, 2023, 3:22 PM

#

tight sorrel Dec 1, 2023, 3:22 PM

#

Hi looks like this was dropped. Our apologies

#

Taking over here

#

What is your question?

steady hornet Dec 1, 2023, 3:37 PM

#

hi

#

I want to know how to manually check the hmac signature

tight sorrel Dec 1, 2023, 3:37 PM

#

What do you mean

#

Need more info

steady hornet Dec 1, 2023, 3:45 PM

#

I am receiving stripe data using a webhook. I am doing a hmac verification . for that I am creating payload like this :

#

"1701436772".{ "id": "evt_1OILG0Fnpfya5sMz9zQg2cOG", "object": "event", "api_version": "2022-11-15", "created": 1701393064, "data": { "object": { "id": "po_1OIL8vFnpfya5sMzufFyJI4h", "object": "payout", "amount": 124529, "arrival_date": 1701388800, "automatic": true, "balance_transaction": "txn_1OIL8vFnpfya5sMzbnEhExxE", "created": 1701392625, "currency": "eur", "description": "STRIPE PAYOUT", "destination": "ba_1OFZswFnpfya5sMzwY78UQyG", "failure_balance_transaction": null, "failure_code": null, "failure_message": null, "livemode": false, "metadata": { }, "method": "standard", "original_payout": null, "reconciliation_status": "in_progress", "reversed_by": null, "source_type": "card", "statement_descriptor": null, "status": "in_transit", "type": "bank_account" } }, "livemode": false, "pending_webhooks": 1, "request": { "id": null, "idempotency_key": null }, "type": "payout.created" }

#

following this documentation :
Step 2: Prepare the
signed_payload
string
The signed_payload string is created by concatenating:

The timestamp (as a string)
The character .
The actual JSON payload (that is, the request body)

#

but the signature is not same hence failing this authentication

tight sorrel Dec 1, 2023, 3:50 PM

#

Wait why are you doing this yourself and not using one of our client libraries?

steady hornet Dec 1, 2023, 3:50 PM

#

apigee is not supporting these libraries

#

this is our integration layer where this operation is happening

#stripeuser_96421