xwy_webhooks | Stripe Developers | Page 1

muted kilnBOT Apr 10, 2024, 9:48 AM

#

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1227555859014619146

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

wise pasture Apr 10, 2024, 9:49 AM

#

I have developed a backend API service using Python FastAPI (server IP: 34.125.122.121), which includes a Stripe webhook service as follows:

app = FastAPI()

@app.post("/webhook", summary="Recharge Callback", tags=['Account Recharge'])
async def stripe_webhook(request: Request, db: Session = Depends(get_db)):
  payload = await request.body()
  sig_header = request.headers.get('Stripe-Signature')
  logger.info("stripe_webhook payload: {}", payload)

  try:
    event = stripe.Webhook.construct_event(
      payload, sig_header, endpoint_secret
    )
  except ValueError as e:
    logger.error("stripe_webhook ValueError: {}", str(e))
    return JSONResponse(content={"error": "Invalid payload"}, status_code=400)
  except stripe.error.SignatureVerificationError as e:
    logger.error("stripe_webhook ValueError: {}", str(e))
    return JSONResponse(content={"error": "Invalid signature"}, status_code=400)

  # Handle the event
  if event['type'] == 'checkout.session.completed':
    logger.info("stripe_webhook event: {}", event)

  return JSONResponse(content={}, status_code=200)


if __name__ == "__main__":
  uvicorn.run(app, host="0.0.0.0", port=8200)

#

Cloudflare DNS

Cloudflare has been configured for DNS resolution and an HTTPS certificate. The IP address where the service resides is 34.125.122.121, and the resolution record is as follows:
A proxyshop.io 34.125.122.121 Proxied
www proxyshop.io 34.125.122.121 Proxied

Nginx

The configuration for Nginx is as follows, where /etc/nginx/conf.d/cert/ contains the SSL certificate obtained from Cloudflare

vi /etc/nginx/conf.d/proxyshop.conf

server {
  listen 80;
  server_name proxyshop.io;
  return 301 https://$host$request_uri;
}

server {
  listen 443 ssl;
  server_name proxyshop.io;

  ssl_certificate /etc/nginx/conf.d/cert/proxyshop.pem;
  ssl_certificate_key /etc/nginx/conf.d/cert/proxyshop.key;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers 'ECDHE-E...';
  ssl_prefer_server_ciphers on;

  location / {
    root /opt/www/html/proxyshop/dist;
    try_files $uri $uri/ /index.html;
  }

  proxy_set_header Content-Type $content_type;
  location /user/ {
    proxy_pass http://127.0.0.1:8200/user/;
  }

  location /webhook/ {
    proxy_pass http://127.0.0.1:8200/webhook;
  }
}

webhook

In the test environment, I configured the Stripe webhook as follows: http://34.125.122.121:8200/webhook The webhook works normally.
Now, I need to move the service to the production environment and configure the Stripe webhook: https://proxyshop.io/webhook However, I find that the webhook fails.

fail info

stripe_webhook- stripe_webhook ValueError: No signatures found matching the expected signature for payload

woeful merlinBOT Apr 10, 2024, 9:49 AM

#

wise pasture Apr 10, 2024, 9:50 AM

#

how to deal this

drifting yew Apr 10, 2024, 9:51 AM

#

Hi, let me help you with this.

#

Are you sure you're using the correct webhook secret in Live mode?

wise pasture Apr 10, 2024, 9:52 AM

#

yes

#

#

drifting yew Apr 10, 2024, 9:55 AM

#

Can you check what is the value of sig_header and payload? You need to make sure payload is not parsed into an object

wise pasture Apr 10, 2024, 9:55 AM

#

wise pasture Apr 10, 2024, 9:55 AM

#

drifting yew Can you check what is the value of `sig_header` and `payload`? You need to make ...

how to check

drifting yew Apr 10, 2024, 9:56 AM

#

Print it out.

wise pasture Apr 10, 2024, 9:58 AM

#

nimble jay Apr 10, 2024, 9:58 AM

#

hi! I'm taking over this thread.

#

can you share an Event ID (evt_xxx) with this isuee?

#

and also share the full logs of the error (including the new prints you added)?

wise pasture Apr 10, 2024, 10:00 AM

#

📎 message.txt

wise pasture Apr 10, 2024, 10:00 AM

#

nimble jay can you share an Event ID (evt_xxx) with this isuee?

how to get Event ID

nimble jay Apr 10, 2024, 10:00 AM

#

you jsut shared one: evt_1P3xufKYPDm69i1aTR2K7oYb

#

I see you have multiple webhook endpoints setup to listen to that type of event. which webhook endpoint are you currently testing? can you share its ID (we_xxx)?

wise pasture Apr 10, 2024, 10:03 AM

#

https://proxyshop.io/webhook

#

we_1P3u9zKYPDm69i1aQa7npEld

nimble jay Apr 10, 2024, 10:04 AM

#

I just deleted your message, please don't share the webhook secret on a public channel

#

can you confirm that your code is using a webhook secret that looks like this: whsec_vJ...RN0c?

wise pasture Apr 10, 2024, 10:05 AM

#

yes

#

I set we_1P3vwKKYPDm69i1asXCcCUrD this http endpoint works ok

#

but change we_1P3u9zKYPDm69i1aQa7npEld https://proxyshop.io/webhook

not work

nimble jay Apr 10, 2024, 10:08 AM

#

are both endpoints using the same code?

wise pasture Apr 10, 2024, 10:09 AM

#

yes , same code, diff endpoint_secret

#

https always not work

nimble jay Apr 10, 2024, 10:10 AM

#

I set we_1P3vwKKYPDm69i1asXCcCUrD this http endpoint works ok
I just checked, and I see a lot of errors for that endpoint. why do you say it "works ok"?

wise pasture Apr 10, 2024, 10:11 AM

#

this is nginx conf

#

server {
listen 80;
server_name proxyshop.io;
return 301 https://$host$request_uri;
}

server {
listen 443 ssl;
server_name proxyshop.io;

ssl_certificate /etc/nginx/conf.d/cert/proxyshop.pem;
ssl_certificate_key /etc/nginx/conf.d/cert/proxyshop.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305';
ssl_prefer_server_ciphers on;

location / {
    root /opt/www/html/proxyshop/dist;
    try_files $uri $uri/ /index.html;
}

error_page 500 502 503 504 /50x.html;
location = /50x.html {
    root /usr/share/nginx/html;
}

proxy_set_header Content-Type $content_type;
location /user/ {
    proxy_pass http://127.0.0.1:8200/user/;
}

location /product/ {
    proxy_pass http://127.0.0.1:8200/product/;
}

location /webhook/ {
    proxy_pass http://127.0.0.1:8200/webhook;
}

}

wise pasture Apr 10, 2024, 10:12 AM

#

nimble jay > I set we_1P3vwKKYPDm69i1asXCcCUrD this http endpoint works ok I just checke...

nimble jay Apr 10, 2024, 10:14 AM

#

so it worked before, but it no longer works?

wise pasture Apr 10, 2024, 10:15 AM

#

works now, I set some error config recent

#

#

not works for https , is it nginx conf err ?

nimble jay Apr 10, 2024, 10:20 AM

#

note that for live mode, you have to use HTTPS as mentionned here: https://docs.stripe.com/webhooks#webhook-endpoint-def

#

and we don't know much about nginx here, so you'll need to debug this on your end. you just need to make sure your webhook endpoint URL is publicly accessible, doesn't redirect, and return a 200 response to Stripe.

wise pasture Apr 10, 2024, 10:24 AM

#

so , do not support nginx reversed proxy?

nimble jay Apr 10, 2024, 10:34 AM

#

give me a few minutes to look into this

wise pasture Apr 10, 2024, 10:42 AM

#

😘

#xwy_webhooks

Cloudflare DNS

Nginx

webhook

fail info