#nielsen_webhooks-signature

👋 Welcome to your new thread!

⏲️ We'll be here soon! We typically respond in a few minutes, but in some cases we might need a bit more time (e.g., server's busy, you've got a complex question, etc.).

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1258160237106434179

📝 Have more to share? Add details, code, screenshots, videos, etc. below.

That's just the unicode equivalent

would you recommend then, I just decode individual values, rather than trying to decode the entry payload?

Does stripe encode all string values before they send them through webhooks?

As far as I know, every request is JSON encoded and places where there are special characters are sent as unescaped strings. Are you sure your AWS API isn't mutating the raw requests?

I used the sample code for the Java server locally along side the stripe cli

and i see the request comiing in escaped

here the output before escaping

here it's after escaping

I modifed the sample Java server slightly

The Stripe SDK also verifies the payload with the unicode character

here is the log output after verifying the same event in my aws environment

Deserialized payload: <com.stripe.model.Event@1522986667 id=evt_1PYZTqRpoKCDAahEreTiT0rh> JSON: {
"account": "acct_1PIzZZRpoKCDAahE",
"api_version": "2024-04-10",
"created": 1720037322,
"data": {
"previous_attributes": {
"name": "Testing Update\u0026"
},
"object": {
"id": "cus_QNQ0GvSdsguDcI",
"object": "customer",
"address": null,
"balance": 0,
"created": 1719582529,
"currency": null,
"default_source": null,
"delinquent": false,
"description": null,
"discount": null,
"email": null,
"invoice_prefix": "1B6E88B7",
"invoice_settings": {
"custom_fields": null,
"default_payment_method": null,
"footer": null,
"rendering_options": null
},
"livemode": false,
"metadata": {
"entityId": "part_01905f11-f6ee-7128-8b2e-c03377f8b36e",
"payorId": "payor_01905f1b-16b8-7a8b-8d74-9275f0680cdc"
},
"name": "Testing\u0026 Update\u0026",
"next_invoice_sequence": 1,
"phone": null,
"preferred_locales": [],
"shipping": null,
"tax_exempt": "none",
"test_clock": null
}
},
"id": "evt_1PYZTqRpoKCDAahEreTiT0rh",
"livemode": false,
"object": "event",
"pending_webhooks": 1,
"request": {
"id": "req_Qn4XctO70EdqgH",
"idempotency_key": "7a9353be-4cfc-48b3-977f-b3ebcf8aed96"
},
"type": "customer.updated"
}

Got it, okay that makes sense. I guess we do encode special characters and then send the JSON with the encoded characters. I think the only thing you can do here then is to decode them as soon as you receive them.

I see, so in reality I don't have to do my own url encoding when I pass the request to SQS then.

I can't really speak to that part unforutnately. I'm not familiar with SQS

Ok, that's fine. Is there any documentation that talks about the encoding behavior that Stripe does? I did not find anything on the website that references this.

Not really unfortunately

Ok got it. Thank you.