#durxiking_webhooks-signature

Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

• durxiking_error, 8 hours ago, 39 messages

👋 Welcome to your new thread!

⏲️ We'll be here soon! We typically respond in a few minutes, but in some cases we might need a bit more time (e.g., server's busy, you've got a complex question, etc.).

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1253794575391260817

📝 Have more to share? Add details, code, screenshots, videos, etc. below.

Hi can you share more details

Is this a local endpoing, deployed test endpoint, etc?

How are you sending events to the endpoint?

Is this a local endpoing, deployed test endpoint, etc?

It's deployed like I have endpoints.

DIrectly from stripe like I have awebpage that has stripe payments implemented and I make a payment (test mode) and then from the dashboard I see the error 500 http_...

Do you want the code of the endpoint?

The webhook endpoint is deployed?

And yes please send the code

Yes it's deployed

@limiter.limit("12 per minute") # Adjust limit as needed
def webhook_stripe_webhook():

event = None
payload = request.data
sig_header = request.headers['STRIPE_SIGNATURE']

if not payload or not sig_header:
    return jsonify({'error': 'No data provided'}), 400
try:
    url = 'http://localhost:5000/getit'
    endpoint_secret = requests.get(url)
    try:
        event = stripe.Webhook.construct_event(
            payload, sig_header, endpoint_secret
        )
    except ValueError as e:
        return jsonify({'error': 'Invalid payload'}), 400
    except stripe.error.SignatureVerificationError as e:
        return jsonify({'error': 'Invalid signature'}), 400

    # Process the event
    if event['type'] in ['payment_intent.payment_failed', 'payment_intent.succeeded']:
        payment_intent = event['data']['object']  # PaymentIntent object
        new_status = 'successful' if event['type'] == 'payment_intent.succeeded' else 'failed'
        client_secret = payment_intent['client_secret']
    
        # Call external API to update order status
        update_url = 'http://localhost:5000/update-order-status'
        response = requests.post(update_url, json={
            'payment_intent_id': client_secret,
            'status': new_status
        })

        if response.status_code != 200:
            #return jsonify({'error': 'Failed to update order status', 'details': response.text}), response.status_code
            return jsonify({'error': 'Failed to update order status', 'details': 'not gut'}), response.status_code

    return jsonify(success=True), 200

except requests.exceptions.RequestException as e:
    print(f"Error getting product price: {e}")
    return jsonify({'error': 'Failed to communicate with support form processing API'}), 500

there is an app.route.... method post

Why do you make a request to retrieve the endpoint secret?

You should just store that as an environment variable

First thing I recommend doing is logging the endpoint secret prior to calling construct_event. That way you can verify you're using the correct one

make sure there's no extra whitespace or characters trailing or leading it

It should be the one ending in vQmg

I do have it in an enviromnment variable but I get it from another file and it get's it correctly

in the code above you're making a separate http request to get it which doesn't make sense

        endpoint_secret = requests.get(url)```

Did you do what I asked though? And logged it checking for whitespace?

That's the most common cause of the error you're getting

I am getting this as header tho
Received headers: t=1718998694,v1=d1750ff785354eb2209ba62b4c2ce15b0deb10b18d1870136a08df8959062849,v0=99396302016e8e54a68d35e54fa42cf505c765fa58b69a7ffa2ad9d9724ef93f

I don't think that is what I should be getting

that looks fine

But it's not the secret endpoint key that I have

Should't they be the same?

nope

If you're curious how this works under the hood you can read: https://docs.stripe.com/webhooks#verify-official-libraries

But no, they shouldn't match

"click the verify manually" to see how this works

But did you do the troubleshooting steps I suggested?

I think I have found the error

Also I highly recommend not having a separate http request to get your endpoint secret

That could lead to exposing it

If anyone can make a request to retrieve it

It's sensitive data

No it's an api that is local and not accessible from outside and I do not want to have it in the api that I have the code in now because this one does have access from the internet

So the end key is not the problem

I have made a variable without the env and still the same just a = "key"

Not sure what you mean. So are you solved?

No

You're not really providing me with info to help you

You never answered if you did my troubleshooting steps that I suggested initially

Also what did you mean earlier by "I think I have found the error"?

Because it was not getting the secret and now is

But still the same error

And I do not know how to check for spaces

I have logged it but I don't know how to find the sapces

Ok try hardcoding the endpoint secret and setting it as a variable for now. It's ok since it's test mode

the one ending in vQmg

I have done it

Error is http_stripe signature

well if it's hardcoded, you know for sure there's no spaces then right?

Yes

I think this may be asignature error

and it's the one ending in vQmg ?

Yes

ok

And you're using the test mode api key?

The one starting in sk_test ?

I forgot to add that too

I hard coded it for now but same thing

sig_header = request.headers['stripe_signature']
File "/home/myuser/.local/lib/python3.10/site-packages/werkzeug/datastructures/headers.py", line 493, in getitem
return self.environ[f"HTTP_{key}"]
KeyError: 'HTTP_STRIPE_SIGNATURE'

Ok. The final common cause for this error is that you're not passing in the raw request body you're receiving from construct_event

Oh you're getting a key error

I thought you were stripe signature verification error

May be

see: https://docs.stripe.com/webhooks/quickstart?lang=python

You should be doing sig_header = request.headers.get('stripe-signature')

The error indicates you're trying to get 'stripe_signature' instead

Yeah the header has a hyphen not underscore

Finaly

a different error haha

what's the new one

This is my code now
event = None
payload = request.data
logging.info("Received headers1")
sig_header = request.headers.get('stripe-signature')
event = json.loads(payload)
logging.info("Received headers2: %s", sig_header)

if not payload or not sig_header:
    return jsonify({'error': 'No data provided'}), 400
try:
    url = 'http://localhost:5000/getit'
    response = requests.get(url)
    
    if response.status_code == 200:
        data = response.json()  # Parse the JSON response
        #endpoint_secret = data.get('key', 'No key found')  # Extract the key or provide a default message
    else:
        logging.error("Failed to retrieve data: Status code %s", response.status_code)
    logging.info("END SECRET: %s", endpoint_secret)
    endpoint_secret = 'hardcoded'
    try:
        event = stripe.Webhook.construct_event(
            payload, sig_header, endpoint_secret
        )
    except ValueError as e:
        return jsonify({'error': 'Invalid payload'}), 400
    except stripe.error.SignatureVerificationError as e:
        return jsonify({'error': 'Invalid signature'}), 400

    # Process the event
    if event['type'] in ['payment_intent.payment_failed', 'payment_intent.succeeded']:
        payment_intent = event['data']['object']  # PaymentIntent object
        new_status = 'successful' if event['type'] == 'payment_intent.succeeded' else 'failed'
        client_secret = payment_intent['client_secret']

no what's the new error you mentioned

The data not provided but that is internal something mine

Ok so is that coming before or after signature verification? Is signature verification working now? If not, what's the error?

durxiking_webhooks-signature

I got through it somehow

now I have other problems that are not from stripe

Thanks tho