#Hakeem

` [HttpPost("/webhook")]
public async Task<ActionResult> WebhookHandler()
{
var payload = await new StreamReader(HttpContext.Request.Body).ReadToEndAsync();
// var signatureHeader = Request.Headers["Stripe-Signature"];
try
{
var stripeEvent = EventUtility.ConstructEvent(payload,
Request.Headers["Stripe-Signature"], _stripeService.GetWebhookKey());

        // Validate signature here in the future
        // ILogger in the future

        if (stripeEvent.Type == Events.CheckoutSessionCompleted)
        {
            var session = stripeEvent.Data.Object as Session;

            var sessionId = session.Id;
            var paymentStatus = session.PaymentStatus;

            Console.WriteLine($"Checkout session {sessionId} completed with payment status: {paymentStatus}");
        }
        else
        {
            Console.WriteLine($"Unhandled Event: {stripeEvent.Type}");
        }

        return Ok();

    }
    catch (StripeException ex)
    {
    
        Console.WriteLine($"StripeException: {ex.Message}");
        return StatusCode(500, "Internal Server Error");

    }

    
}

`

Sorry about the huge code block, I'm just a little confused as to why, when I execute the webhookhandler() in swagger, I get an 500 Server Error.

When testing with Stripe CLI my webhook works as expected.

The actual error is coming from The Request.Headers Signature when testing in Swagger

Hello 👋
What's the complete error?

Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware[1]
An unhandled exception has occurred while executing the request.
System.NullReferenceException: Object reference not set to an instance of an object.

Would you like the entire error block, the main issue really is the System.Null reference

The actual error is coming from The Request.Headers Signature when testing in Swagger
How can you tell its from Request.Headers Signature exactly?

The error you've shared above seems too generic

I forgot to include a crucial part of the error code:

at Stripe.EventUtility.ParseStripeSignature(String stripeSignatureHeader) in /_/src/Stripe.net/Services/Events/EventUtility.cs:line 182 at Stripe.EventUtility.ValidateSignature(String json, String stripeSignatureHeader, String secret, Int64 tolerance, Int64 utcNow) in /_/src/Stripe.net/Services/Events/EventUtility.cs:line 138 at Stripe.EventUtility.ConstructEvent(String json, String stripeSignatureHeader, String secret, Int64 tolerance, Int64 utcNow, Boolean throwOnApiVersionMismatch) in /_/src/Stripe.net/Services/Events/EventUtility.cs:line 127 at Stripe.EventUtility.ConstructEvent(String json, String stripeSignatureHeader, String secret, Int64 tolerance, Boolean throwOnApiVersionMismatch) in /_/src/Stripe.net/Services/Events/EventUtility.cs:line 88 at CheckOut.Controller.CheckOutController.WebhookHandler() in C:\Users\Ahake\Documents\Dev\WebAPI\WebAPI\Controllors\CheckOutController.cs:line 38 at lambda_method165(Closure, Object) at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.TaskOfActionResultExecutor.Execute(ActionContext actionContext, IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask1 actionResultValueTask)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)`

To me it seems , that the stripeSignature couldn't be parsed because it couldnt be validated etc...

Have you switched the webhook secret value?
CLI secret would be different than a hosted webhook

I'll test that I get back to you, unsure.

👍

So my entire project is in test mode which, I wont be able to create an endpoint using a local address ("http://localhost:5068")

The test environment could explain it idk, the webhook key being used is the one generated Stripe CLI

what CLI command are you using to test this?

I run stripe listen --forward-to localhost:5068/webhook,
When it's running, I execute my POST Create Check Out Session Controller

I get recieve normal reponses:
2024-01-09 22:50:35 --> charge.succeeded [evt_3OWo7zGaTScusT1601rO6Eyn] 2024-01-09 22:50:35 --> checkout.session.completed [evt_1OWo81GaTScusT16rIE7fwfC] 2024-01-09 22:50:35 <-- [200] POST http://localhost:5068/webhook [evt_1OWo81GaTScusT16rIE7fwfC] 2024-01-09 22:50:35 <-- [200] POST http://localhost:5068/webhook [evt_3OWo7zGaTScusT1601rO6Eyn] 2024-01-09 22:50:35 --> payment_intent.succeeded [evt_3OWo7zGaTScusT160QZ3ps4v] 2024-01-09 22:50:35 <-- [200] POST http://localhost:5068/webhook [evt_3OWo7zGaTScusT160QZ3ps4v] 2024-01-09 22:50:35 --> payment_intent.created [evt_3OWo7zGaTScusT160SD5udoe] 2024-01-09 22:50:35 <-- [200] POST http://localhost:5068/webhook [evt_3OWo7zGaTScusT160SD5udoe]

So the webhook does work, I just can't execute the webhookhandler on swagger

Unfortaunately, I don't know what swagger is really. Sounds like a third-party tool/server.

You can look into if it mutates the incoming request somehow which might affect the request's raw body resulting in signature verification failure

Ok no problem, I'll keep investigating the issue. Thank you for your help.

Is the swagger endpoint pointing you your localhost endpoint? If not, the secrets would be different, so it could be helpful to double check that you have the right one set up in swagger