#heildever

Taking a step back, is there a reason you are creating the endpoint on their account as opposed to having a connect webhook endpoint on your platform account? That way you'd only have to set up the endpoint once and would get events for any of the accounts that connect to you https://stripe.com/docs/connect/webhooks

No I'm trying to GET a list of webhook endpoints of the connected account/s not CREATE one

Ah my apologies, I see that you said that. Checking in to this

Thank you 🙏

Would you be able to send me the request ID (req_123) of a request where you got this error? It sounds like you are doing exactly what the docs say so I'm still not immediately sure what this may be.
Also, are the other permissions in your manifest working as far as you can tell?

Yup, here is the request id: req_r8nlFktwTzgqSe
I confirmed access to all of the other resources I defined in my manifest, event_read, customer_read etc but webhooks is a critical one for me

Thank you, checking in to that request. And good to hear the rest are working at least.

Still looking in to this, I am consulting colleagues as well. Will let you know what we can find.

Sounds good, thanks for the help

I have also tried with other endpoints (which I shouldn't have access to since they're not specified in my manifest) and I get a 403 with more_permissions_required_for_application message

Which makes sense, since, in theory, I dont have permissions to that resource

Yep, so it turns out that your platform account needs to be specifically enabled to use that permission. If you write in to our support team and describe your use case they should be able to help you here https://support.stripe.com/?contact=true

Apologies for the confusion, I am not sure why the doc lists it like it is any other permission when it needs a special step like this. We are flagging this internally to fix

Can you please elaborate? I have contacted support before and I have bad experiences previously I want to make sure I get it right before we end this convo

Yep, sorry to hear. Honestly there isn't a ton more detail than that it needs to be turned on for your account internally by Stripe. I think they should be able to help you if you describe why your app needs to retrieve webhook endpoints, point out that we have a webhooks_read permission specifically for this, but that on Discord we found that your account needs to be specifically enabled to be able to see webhook endpoints on your connected accounts. They should be able to escalate you properly from there

Ok sounds good, I'll give this a try

Thanks 🙏

@floral hollow A colleague passed on to me that restricted access key based apps can use this permission without your account being specifically enabled for it. https://stripe.com/docs/stripe-apps/api-authentication/rak

So this is more of a restriction on platform key authorized apps. If you have a minute, can you tell me a bit about what your usecase is for retrieving these endpoints and why you chose platform key authorization for your app? I can pass that feedback along.

Yup, some of our existing clients already have Stripe webhooks set up but unfortunately, we didn't design our system to track that i.e we dont know what client is actively using their Stripe webhooks. As we are developing this app, as a transition, we want to know who is actively using their Stripe webhooks to decide how we will handle duplicate webhook events. If I know who already has Stripe webhooks, I can easily decide to not process their events twice and keep their webhooks only but it requires me to know their existing webhooks on my platform

Hence I am making a GET request to https://api.stripe.com/v1/webhook_endpoints with the account id in the headers to parse through the response to see if they have registered webhooks for our platform, and I include the platform_key as API key

Looking at RAK flow, I'm concerned about the Marketplace installs since there will be no way for me to obtain the generated keys after the installation

Gotcha, thank you. So to clarify have the users been manually going in to their dashboards so far and registering webhooks with your URL?

Just wrapped up a call with the Support, they want me to send a video of my process. I dont think they're familiar enough with this

Did that create an email thread with you? If so can you DM me your email address?

Will pass it as soon as I get it, I should receive it shortly I believe

Whops my bad, I thought you wanted to see the email thread

Thanks, deleted the email address and link as this is a public channel and bots sometimes crawl it for sensitive info. I made a note to help clarify what needs to be enabled for your account, I'm not sure if the video is part of the approval process but support should be able to help you through the rest of this.

Yup took me time to realize that this is a thread under the public channel, DM'd you my email address 🙏

Do you think I should still bother with recording a video, to help support understand whats wrong?