#oxmarco_webhooks

Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

• oxmarco_connect-webhooks, 1 hour ago, 70 messages
• oxmarco_connect, 9 hours ago, 68 messages
• oxmarco_code, 1 day ago, 57 messages

👋 Welcome to your new thread!

⏲️ We'll be here soon! We typically respond in a few minutes, but in some cases we might need a bit more time (e.g., server's busy, you've got a complex question, etc.).

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1247636781244092476

📝 Have more to share? Add details, code, screenshots, videos, etc. below.

apologies for the third time asking for help

but the new stripe upgrade invalidated a sizeable chunk of my codebase

Hi, do you mind clarifying what you mean by 'new stripe upgrade'?

specifically, now two different webhook secrets are generated for "own account" and "connected account" events

in the past I'd use the same webhook secret for both, now they require two different secrets

the issue is, it makes decoding events fail

-> get the raw body
-> call stripe.webhooks.constructEvent
-> process the event

now I need to do

-> get the raw body
-> somehow get if it's a connected account-related event or my account event
-> call stripe.webhooks.constructEvent passing one of the two webhook secrets
...

From today Stripe requires me to use a different dashboard to setup webhooks

this was yesterday

the same webhook for connected accounts and "normal" events (like checkout)

Here is our guide on Connect webhooks: https://docs.stripe.com/connect/webhooks

now when creating a new webhook endpoint I must choose which of the two events to listen to, and the secret I get is different

You always needed to specify if you're listening to Connect or not: https://docs.stripe.com/api/webhook_endpoints/create#create_webhook_endpoint-connect

but previously I could use the same endpoint and the same secrets

I'm testing this on my end, hang tight

ok something extremely weird is going on, I'm receiving events now from connected accounts signed with the "normal" webhook secret

I'm looking at my old set up and I can see that I do have two separate webhook signing secret on the connect and the dorect webhook endpoints.

I also confirmed with a teammate on my end, and we are confident that getting two separate webhook signing secret on two separate webhook enpoints is right. There was not an option to combine the two previously.

I used for two months the same webhook secret

and it worked perfectly until now

when I refreshed the endpoint and got different secrets

a probable but weird answer would be I actually received the same webhook secret for both

The screemshot you shared above only shows a direct webhook endpoint. I do not see a connect one.

totally true, but I was receiving connect webhooks

Can you share the connect event id and the direct event id with me from when it worked with the same endpoint?

pi_3PIf9d07H6EN3qHX0PCq9DD7

it seems for some reason events were buffered on Stripe side and I'm getting them all right now

I haven't tested for the last hour but I see webhook invocations on the webserver access log

Wait, are you saying things are working now and you're unblocked?

I am still receiving events with invalid payloads

I am quite sure these events were generated earlier today when I was using a different key, can you confirm the possibility Stripe has queued these events for 2-3hr and is pinging my endpoint now?

Can you share s specific event ID that I can look into?

From looking at this PI, pi_3PIf9d07H6EN3qHX0PCq9DD7 this is a direct charge. The events are sent to our webhook endpoint that is not connect, evt_3PIf9d07H6EN3qHX0Ui0Z0jD.

from the latest ones?

I can't decode them, they are signed with an invalid key

So it looks like you need to update the signing key. You mentioned 'can you confirm the possibility Stripe has queued these events for 2-3hr and is pinging my endpoint now?' so I'm asking if you can share an example.

nestjs-backend  | [Nest] 19  - 06/04/2024, 8:41:00 PM     LOG [PaymentService] Received a webhook: account.updated
nestjs-backend  | [Nest] 19  - 06/04/2024, 8:41:00 PM   ERROR [PaymentService] Invalid webhook data received
nestjs-backend  | [Nest] 19  - 06/04/2024, 8:41:00 PM   ERROR [PaymentService] Exception
nestjs-backend  | [Nest] 19  - 06/04/2024, 8:41:00 PM   ERROR [PaymentService] NotFoundException: Not Found Exception

none of these events was emitted recently

one was signed with the correct key account.updated, the other was signed with a wrong key

and Stripe raised a NotFoundException

You should still see the events ID, can you share an ID?

just requestBody.id?

It should start with 'evt_'

evt_1PO4NE5v2ng9EExwltq6sQYE

evt_1PO4NB5v2ng9EExwrPhssEsI

I get an invalid event and then a valid event of the same type (account.update)

👋 Stepping in for my teammate

Both of these events are being sent to the Connect webhook endpoint configured on your platform. What do you mean by "invalid event and then a valid event"? I see the webhook endpoint replied with a 400 status code for both evt_1PO4NE5v2ng9EExwltq6sQYE and evt_1PO4NB5v2ng9EExwrPhssEsI

Hi 👋

I think the events were buffered

now I set up a new endpoint for connect-related events

or does Stripe just retry several times to broadcast the same event?

If event delivery fails, we will retry the same event up to three tries over a few hours in test mode: https://docs.stripe.com/webhooks#retries

ah ok then problem solved