#sikariuss_webhooks

👋 Welcome to your new thread!

⏲️ We'll be here soon! We typically respond in a few minutes, but in some cases we might need a bit more time (e.g., server's busy, you've got a complex question, etc.).

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1253639625420050486

📝 Have more to share? Add details, code, screenshots, videos, etc. below.

hi! what does your exact complete code look like? and what's the actual error/stacktrace you're getting?

Service

And I get my error 400 meaning that event is NULL.

have you added logs to check the vaues of $payload/$endpoint_secret/$stripe_signature ? that's the first step.

$_ENV["STRIPE_WEBHOOK_SEND_INVOICE"] looks like this : whsec_owYiBVyjRso[...], I retrieve them from my webhook that I created on Stripe. And the header stripe-signature gives me : t=1718961959,v1=0dcd30fb8156d598af1c[...],v0=7635c85e00870e55b994c[...].

and does the $payload look identical to what's on https://dashboard.stripe.com/test/events/evt_1PU3OBFI9m9EHoBSuEjDk3iJ , including the whitespace and tabs? does the text Numéro TVA intracommunautaire get properly rendered(i.e. does your "request->getContent" handle UTF8)?

is the whsec_xxx from your Dashboard for this endpoint URL (not from stripe-cli's output)?

My payload seems to be correct because if I do this in my service it's work.

public function getWebhook(string $payload): ?Event
    {
        try {
            $event = Event::constructFrom(
                json_decode($payload, true)
            );
        }
        catch (\UnexpectedValueException) {
            $event = null;
        }

        return $event;
    }

The whsec_xxx I got it by clicking on the "reveal" button of Secret Signature Key in my webhook.

yeah but that is avoiding the problem

can you address this? and does the $payload look identical to what's on https://dashboard.stripe.com/test/events/evt_1PU3OBFI9m9EHoBSuEjDk3iJ , including the whitespace and tabs? does the text Numéro TVA intracommunautaire get properly rendered(i.e. does your "request->getContent" handle UTF8)?

the signature verification will only work if your $payload is exactly the raw HTTP POST body we send. Often libraries/middleware will do things like automatically parse the incoming JSON, and that removes the formatting/whitespace, and means the signature will not verify(although the actual JSON is still valid).

I do this

return $this->json([json_decode($payload, true)], $http_code);

And at evt_1PU3ojFI9m9EHoBSL5aYoAOi I get the payload but without the whitespace and tabs. And it's not UTF8.

yep

again, if you do want to verify the signature and use ::constructEvent, the next step is checking that $payload passed to that function is a string of the exact raw body, like I've been saying. If you don't care about that part you can just decode the JSON manually without verifying the signature. At this point I'm not sure what I can help you with?

I just return the $payload and I get this in my response.

that does seem pretty strange/unusual and not a valid string for that function, so that's probably the issue

not sure what web framework you're using for request->getContent() here, I'd suggest checking their docs for how to get the raw HTTP POST body from the incoming request as a UTF8 string, and Google "<name of framework> Stripe webhooks" in case someone has documented how to do that(this is the #1 most common issue with Stripe wehooks)

I use Symfony and if I do request->getContent() or @file_get_contents('php://input') I get the same result.