#stanmatveyev_84067
hi, that is mentioned as a quirk at https://stripe.com/docs/connect/webhooks#:~:text=For Connect webhooks,should be taken.
The problem is we cannot verify the signature because the webhook key is taken from test mode (because of "livemode": false).
your logic should not work that way.
you should choose the key to use based on the URL on your server that is hit, not the contents of the event
Sorry, the document you provided says I have to check the livemode value
For this reason, we recommend you check the livemode value when receiving an event webhook to know what action, if any, should be taken.
yeah but that is after the verification
it means like choosing to update something in your database or not
the signature choice only makes sense to be from the URL; the point of the verification is to know the HTTP request actually came from Stripe. if you're inspecting details of the request body before verifying that, it's technically breaking the security model if you know what I mean
Makes sense... so your recommendation is to create 2 different endpoints for test and live mode, like
yes
does Stripe have it somewhere in the documentation (I mean such a recommendation)?