xfitnsec_webhooks | Stripe Developers | Page 1

honest furnaceBOT Apr 11, 2024, 7:55 PM

#

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1228070958565429280

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

fast kelp Apr 11, 2024, 7:57 PM

#

I have setup a "preshared-token" in the Gravwell system. https://docs.gravwell.io/ingesters/http.html#preshared-token

honest furnaceBOT Apr 11, 2024, 8:45 PM

#

dapper briar Apr 11, 2024, 8:48 PM

#

@fast kelp Sorry for the delay! Taking a look at the event you shared

fast kelp Apr 11, 2024, 8:48 PM

#

Hi @dapper briar no worries! Thanks for looking into this

dapper briar Apr 11, 2024, 8:51 PM

#

I'm not familiar with Gravwell so you may need to work with their team on this. Any endpoints used by Stripe to send events to need to be publicly accessible

fast kelp Apr 11, 2024, 8:53 PM

#

Gravwell is able to accept webhooks as an HTTP Sink, I was able to set this up in Auth0. But as part of the Auth0 token, I had a input a token name

#

It isn't clear to me what the token name for Stripe is, when I'm looking at the logs, I'm getting a 401 error for the lack of the name, which could be an incorrectly setup sink in Gravwell. But it isn't clear to me what exactly Stripe is sending for authentication

dapper briar Apr 11, 2024, 8:58 PM

#

Gotcha. The events that Stripe sends don't include any sort of authentication. There's a webhook secret that you can use with your endpoint to confirm that the event came from Stripe but I don't think this is what you're referring to

fast kelp Apr 11, 2024, 9:00 PM

#

The webhook secret is the signing secret in the webhook right?

dapper briar Apr 11, 2024, 9:01 PM

#

Correct

fast kelp Apr 11, 2024, 9:04 PM

#

That makes sense, There is no other authorization information sent?

#

Is there any way to capture or see an example of what is being sent in a webhook?

dapper briar Apr 11, 2024, 9:07 PM

#

The requests that are made to your endpoint are POST requests that include an event object in the JSON payload. I recommend testing locally with a local handler and the Stripe CLI to trigger specific events: https://docs.stripe.com/webhooks#webhooks-summary

#xfitnsec_webhooks