#yi_webhook-signature

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1273743835519778920

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

@clear tendon I'm happy to help but I'm going to need a bit more details Where are you getting a 422 exactly? What does your code look like?

Sweet! Yes, I can give you more details

@payment_router.post("/webhook")
async def webhook_received(
request: Request, stripe_signature: str = Header(alias="Stripe-Signature")
):
supabase = create_supabase_client()
webhook_secret = os.environ.get("STRIPE_WEBHOOK_SECRET")
# webhook_secret = (
# "whsec_5daf4bd6944561080d7810ee08c1eaeefed59ab95a0fc510f52613d1504fd81d"
# )
stripe.api_key = webhook_secret
data = await request.body()
try:
event = stripe.Webhook.construct_event(data, stripe_signature, webhook_secret)
event_data = event["data"]
print(event_data)
except Exception as e:
raise HTTPException(status_code=422, detail=str(e))

if event["type"] == "checkout.session.completed":
    print("Successful checkout!")

    transaction = {
        "transaction_id": str(uuid.uuid4()),
        "session_id": event_data["object"]["id"],
        "created_at": datetime.datetime.fromtimestamp(
            event_data["object"]["created"]
        ).isoformat(),
        "client_reference_id": event_data["object"]["client_reference_id"],
        "currency": event_data["object"]["currency"],
        "customer_email": event_data["object"]["customer_email"],
        "price": event_data["object"]["amount_total"],
        "payment_status": event_data["object"]["status"],
    }

    # save metadata to database
    response = create_transaction(supabase, transaction)

    print(response)

    return RedirectResponse(url=os.environ.get("CLIENT_BASE_URL") + "/success")

okay so the 422 is coming from your own code that you wrote here

Yes

I recommend reading https://docs.stripe.com/webhooks/signature

I get the 422 error when I try to construct an event

yi_webhook-signature

So I confirmed that I was getting the signature header

I am not so sure if it's the right header, but I have the correct client key being passed so I assume it's the right now

one*

yes I know but that page goes over in details on root causes. Making sure you have the signature, that you have the right secret (and not mixing them up) is crucial
If you are certain you carefully triple checked this then the next root cause is the raw payload which that doc covers in details too

I have the secret that starts with we_ being passed

The doc literally says

In both cases, the secret starts with a whsec_ prefix

Aw

yes

that's the problem I think

if you used the we_123 then you are passing the wrong secret, that's the id of the WebhookEndpoint

yeah it's unfortunately a common mistake. We don't want to hardcode the prefix in the SDK since we might change it in the future but it's causing confusion like yours 😦

yes I made the wrong assumption that test mode webhook secrets start with whsec_ as sk_live is diff than sk_test

Thank you so much!!!