#thomask_apps-webhooks

Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

• thomask_app-branding, 47 minutes ago, 15 messages

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1273348908323438705

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

thomask_apps-webhooks

@gloomy jasper Apps and Connect work the same way here. You should not create a WebhookEndpoint on the connected account, that';s forbidden.
You should still have a Connect WebhookEndpoint on your platform that will receive Events from all connected accounts

No that's not what I'm trying

Please check req_KiiuDxzfedENwQ

I'm trying to GET https://api.stripe.com/v1/account

Why are you doing this?

Which seems like a trivial API call

Ehm because I need to fetch the account id

hum

To be able to later match against my own customer

that doesn't make sense "fetch the account id", you should know the account id already since it's connected to your app.

I'm using a third party oauth service (Nango) that doesn't expose the token response

I don't know what that means sorry. You should be able to replace that service with your own code to get all the information you need

Sorry super confused by your end goal. But Stripe Apps work differently from Stripe Connect in terms of permissions. With Connect you got "full access" to the API for read for example. With a Stripe App you have to configure every individual permission you want access to/for. A bit like an iOS or Android app on your phone
So if you want to be able to call the Retrieve Account API you have to have that permission first.

See https://docs.stripe.com/stripe-apps/reference/permissions#object and you likely want connected_account_read

Okay I think that's helpful

I was trying the "read_only" permission

But that's for legacy connect then I guess?

correct. Connect had basically read_only or read_write which gave you full read/write access.
Stripe Apps are a more advanced integration where you explicitly list all the permissions you want. And if in the future you want a new permission, the end user has to "agree" to that permission. Again similar to how you install Facebook and they ask for your location access and such.
It gives more granular access which protects both the end user and your platform from getting sensitive data you don't need.
But it does require being more explicit early on about the list of API(s) you want to have access to/use

Okay, weirdly enough this is the error that the Stripe API is returning:
"error": "{\n "error": {\n "code": "more_permissions_required_for_application",\n "message": "This application does not have the required permissions for this endpoint on account 'acct_1OC2Z9IesrYxZymc'. Having the 'read_only' scope would allow this request to continue.",\n "request_log_url":

yeah the error message is bonkers, I've flagged this before but I'll flag again

Okay, so I just went through the OAuth flow, requesting the "connected_account_read" scope. After that, I called the API, but am still seeing the same error

I'll get you the reuqest id

req_ADQui5rH8yPPHC

You don't have that permission on that account's install of the app. You still only have rak_app_backend_signature_read

Okay, I'm requesting with the correct scope through the intermediary. I can't see the request id though in their logs. I'm going to try to get that from the first and will report back

yeah I don't think that's the issue and I'm not sure what "through the intermediary" could mean unfortunately. But as far as I can tell you haven't properly configured your Stripe App to ask for the right permission. I recommend reading the docs on permission to deeply understand how this works first