vlad_webhooks | Stripe Developers | Page 1

graceful frostBOT Sep 10, 2024, 1:11 PM

#

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1283052277569032336

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

#

lofty goblet Sep 10, 2024, 1:19 PM

#

"api_version": "2024-06-20"

nova lotus Sep 10, 2024, 1:19 PM

#

Hey there, Can you share you endpoint code where you check the signature, with any secrets redacted?

lofty goblet Sep 10, 2024, 1:20 PM

#

//Stripe.net 45.9.0 expects API version 2024-06-20
Event stripeEvent = _useStripeSignature
? EventUtility.ConstructEvent(message, _stripeSignature, _stripeWebhookSigningSecret)
: EventUtility.ParseEvent(message);

#

My code is in c# .net 8

#

_stripeWebhookSigningSecret: whsec_kP35eftw8ThAkF21putmEERYLD1k33dl

#

_stripeSignature: t=1725971640,v1=2fa96882a92ff70e21ecccfa3bbea60f260595ebb45e5d132f593893ac4748b8,v0=55919eb3d298e8778d25fc1c3c1f0505ea36b99cc16977ead0d6c3d7d9a5200c

nova lotus Sep 10, 2024, 1:25 PM

#

Can you share an example event ID (evt_123) that youre trying to verify?

#

Since it looks like you have the signature and secret, unless its the wrong secret for the endpoint the issue is almost certainly a problem with the raw request body.

#

Take a look here for some general guidance: https://docs.stripe.com/webhooks/signature

Resolve webhook signature verification errors

Resolve webhook signature verification errors, and check the endpoint secret, check the request body, retrieve the raw request body, and check the signature.

#

But in the code you shared, it's not revealed where message comes from.

#

It is necessary to ensure this is the raw request body not parsed or mutated in any way by your application

lofty goblet Sep 10, 2024, 1:28 PM

#

{
"id": "evt_1PxTGdHoYPkuIlvmvCfSD7VA",
"object": "event",
"api_version": "2024-06-20",
"created": 1725971638,
"data": {
"object": {
"id": "py_1PxTGbHoYPkuIlvmpL5VZ5Wc",
"object": "charge",
"amount": 11380,
"amount_captured": 11380,
"amount_refunded": 0,
"application": null,
"application_fee": null,
"application_fee_amount": null,
"balance_transaction": "txn_1PxTGcHoYPkuIlvmYSQHsQCH",
"billing_details": {
"address": {
"city": null,
"country": null,
"line1": null,
"line2": null,
"postal_code": null,
"state": null
},
"email": null,
"name": null,
"phone": null
},
"calculated_statement_descriptor": null,
"captured": true,
"created": 1725971637,
"currency": "usd",
"customer": "cus_JyLnUVRzprd9Mp",
"description": null,
"destination": "acct_1Iv6tMQha11QJ1dB",
"dispute": null,
"disputed": false,
"failure_balance_transaction": null,
"failure_code": null,
"failure_message": null,
"fraud_details": {
},
"invoice": null,
"livemode": false,
"metadata": {
"payments_userId": "093ac0fb-6af4-eb11-aac4-0aa5420d894d",
"payments_transactionFeeType": "None",
"stripe_paymentMethodId": "ba_1PtTucHoYPkuIlvmN3svqZAe",
"payments_transactionFee": "0",
"payments_isAutomaticPayment": "False",
"sfdc_clientNumbers": "586083-001",
"payments_confirmationCode": "71D236FC-D9460AB4",
"stripe_connectedAccountId": "acct_1Iv6tMQha11QJ1dB",
"payments_pendingTransactionId": "593f62f2-706f-ef11-acec-0af88a286ad1"
},
"on_behalf_of": null,

nova lotus Sep 10, 2024, 1:30 PM

#

I do see use of the Stripe CLI listen command here

#

Are you testing your hosted endpoint, or with the listen command?

lofty goblet Sep 10, 2024, 1:31 PM

#

No

#

I have another endpoint that works good

#

It is for setup_intent.succeeded

#

So, I was thinking it could be related to event type

#

I have hosted endpoint

nova lotus Sep 10, 2024, 1:34 PM

#

lofty goblet No

That was an either or question

#

Ok, this testing is on your ~~live~~ hosted endpoint, and youre not using the CLI listen

lofty goblet Sep 10, 2024, 1:36 PM

#

I am not sure what else I can check

nova lotus Sep 10, 2024, 1:37 PM

#

You say this is working for other event types? on the same endpoint/handler?

lofty goblet Sep 10, 2024, 1:38 PM

#

I have one endpoint for setup_intent events and another for charge events

#

endpoint for setup_intent works good with stripe signature

nova lotus Sep 10, 2024, 1:39 PM

#

The event you shared (evt_1PxTGdHoYPkuIlvmvCfSD7VA) was a charge.pending event and the signing secret matches what i'd expect for the endpoint it was sent to

#

(note that you did respond successfully to the delivery for that event)

#

If your code works for one endpoint and not the other, I would recommend reviewing the differences between those endpoints

lofty goblet Sep 10, 2024, 1:41 PM

#

Ok, I am going to check that, thanks

#vlad_webhooks