#inderjit-janjua_api
This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1287691617536446517
hi! not sure I understand the question, sorry.
why?
I'm passing in the "Stripe-Account" header to make the payment intent but the error message says otherwise
Need to verify
Because I don't know where the issue is
you're not passing it in, if you were, you wouldn't get the error message
the issue is probably you pass {stripeAccount: myVariable} and myVariable is null/undefined.
that is frontend code that seems unrelated to this backend API call?
Those are print logs
I'm debugging atm
That's what's being passed
// Retrieve account ID from the database before making the API call
const accountId = await retrieveAccountId(user.uid);
console.log(accountId);
const headers: { [key: string]: string } = {
  "Content-Type": "application/json"
};
const applicationFee = Math.floor(convertToSubcurrency(amount) * 0.01); // Calculate 1% fee
if (accountId != null) {
  headers["Stripe-Account"] = accountId; // Only add if accountId is valid
}
console.log(headers);
const response = await fetch("/api/stripe/create-payment-intent", {
  method: "POST",
  headers: headers,
  body: JSON.stringify({
    amount: convertToSubcurrency(amount),
    currency: currency,
    application_fee_amount: applicationFee, // Application fee amount (1%)
  }),
});
passed to what by what?
anyway the issue is probably what I said. Look at your backend code for stripe.paymentIntents.create(), find where you set stripeAccount, and add logs/debug to determine why it's null
yeah all that code is on the frontend, it's the backend code that actually calls the Stripe API.
also your code seems like it would allow any customer visiting your site to change the application fee
How so
since I could edit this JavaScript in my browser and then it sends the amount to your backend, which then uses it
You're right
I'm just trying to make it work atm
Will look into securing it later
Headers: [object Headers]
accept: */*
accept-encoding: gzip, deflate, br, zstd
accept-language: en-NZ,en;q=0.9
connection: keep-alive
content-length: 60
content-type: application/json
host: localhost:3000
origin: http://localhost:3000
referer: http://localhost:3000/payment
sec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-origin
stripe-account: acct_1Q1g3xI2vmHw7vKe
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
x-forwarded-for: ::1
x-forwarded-host: localhost:3000
x-forwarded-port: 3000
x-forwarded-proto: http
So these are the print logs
backend
My code is
import { NextResponse } from 'next/server';

const stripeSecretKey = process.env.STRIPE_SECRET_KEY;
if (!stripeSecretKey) {
  throw new Error('Stripe secret key is not defined in environment variables.');
}
const stripe = require('stripe')(stripeSecretKey);

export async function POST(req: Request) {
  try {
    console.log("Test");
    console.log("Headers: "+req.headers);
    for (const [key, value] of req.headers) {
      console.log(`${key}: ${value}`);
    }
    const paymentIntent = await stripe.paymentIntents.create(await req.json());
    return NextResponse.json({ clientSecret: paymentIntent.client_secret });
  } catch (error) {
    // Log error details for debugging
    console.error('Error creating Payment Intent:', error);
    // Return a generic error message to the client
    return NextResponse.json(
      { error: 'Internal Server Error. Please try again later.' },
      { status: 500 }
    );
  }
}
doesn't seem like that code ever uses the headers you're trying to read from the frontend, right?
the correct way to make this call is https://docs.stripe.com/connect/authentication#stripe-account-header
const paymentIntent = await stripe.paymentIntents.create(
  {
    amount: 1000,
    currency: 'usd',
  },
  {
    stripeAccount: '{{CONNECTED_ACCOUNT_ID}}',
  }
);
Thanks