#_unexpected
twilit runeBOT
๐ Welcome to your new thread!
โฒ๏ธ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.
โฑ๏ธ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.
๐ This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1301188084523859978
๐ Have more to share? Add more details, code, screenshots, videos, etc. below.
Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.
- _api, 17 hours ago, 42 messages
merry holly
The event id of data sent to the webhook, is here : evt_1QFcZA2MMD1HzYgM2zzHSiov
Also, is there a way to have all the data sent to the webhook so I don't need to make any calls back to stripe. It seems kind of silly to have to request the line_items and shipping details each on separate api calls. This is also causing throughput problems because of API restrictions/limits imposed on how many times they can be called per minute (in painful request with stripe support to try and get the limit bumped as live is very busy)
the "timed out" is because i put sleep() delays between the calls so the transaction has a higher chance of not hitting the throttle
harsh trail
Hello, looking in to this. I thought the Checkout Session had a discounts array but I am not seeing it in the API ref. I will let you know what I can find https://docs.stripe.com/api/checkout/sessions/object
Unfortunately there isn't a way to have additional data send with the webhook events. I think the way to avoid an API call to get line_items would be to cache a mapping of the session ID to line items on your side and then retrieve it when you get the event. I get that that isn't ideal but that would probably be the best way to do that with our current capabilities
merry holly
// handle coupons here
discountCode = trim(cookie.bonuscode ?: '');
if(Len(discountCode) GT 0) {
// routine to create a new coupon at stripe for a dollar amount
// make the coupon params. add unique code to end so it doesn't conflict with existing
couponParams['currency'] = 'usd';
couponParams['amount_off'] = 2500; // ajust this amount here to the calculated dollar amount for this coupon use
couponParams['name'] = '#discountCode#';
couponParams['duration'] = 'once';
couponParams['id'] = '#discountCode#_#application.func.general.guid(true)#';
// wait
sleep(1500);
// make api call to stripe to create the checkout session
response = application.func.general.curl(
url="https://api.stripe.com/v1/coupons",
method="POST",
params=couponParams,
headers={
'Content-Type': 'application/x-www-form-urlencoded',
'Cache-Control': 'no-cache',
'Authorization': 'Bearer #local.api.secret#',
'Stripe-Version': local.api.version
},
paramsAsBody=false
);
// append new coupon to checkout session
formParams["discounts[0][coupon]"] = couponParams['id'];
}
This is what I am doing to create the coupon, to get the id, which I then pass to the structure that I pass to https://api.stripe.com/v1/checkout/sessions to get a session id
generally praying that i don't hit a throttle, and if i do, then try once more after another delay
pretty much this ---- being punished for calling the api's to get order information that is missing from the order
and if i put delays in, then we are punished for that in the way of a retry again later
the data that I expect to be expanded, or at least ideally make a single call for --
line_items
shipping
coupons
harsh trail
It looks like discounts are related to specific line items. If you expand line_items.data.discounts you should get the discounts back along with the rest of the line item data https://docs.stripe.com/api/checkout/sessions/object#checkout_session_object-line_items-data-discounts
merry holly
i don't believe that is unreasonable to ask for what items the customer purchased, which shipping service level they chose, and if they used any coupons, what the details are. the problem with these, is stripe assigns id's, and doesn't give anything so expects us to know what those id's are. or -- forces us to import all our product into a system that is rigid and can't delete products.
harsh trail
And coupons are a part of that discount field https://docs.stripe.com/api/checkout/sessions/object#checkout_session_object-line_items-data-discounts-discount-coupon
harsh trail
If you retrieve the session after that completes does the coupon show up in line items? I am not immediately aware of how it is represented in the API but at a point we do have to assign specific cents of that discount to specific line items. So I can see it being represented that way even if it isn't immediately intuitive
merry holly
no idea. i am really low-balling on api calls here
and still being throttled
whoever is in control of that, someone needs to tell them to ease up the gears a bit.
harsh trail
In test mode on the account from the event? I don't see any calls in your logs recently that got a rate limit error in that mode on that account
merry holly
ok. removing the sleep()
so you can see what i run into
429 / 0 unauthorized response from stripe
harsh trail
Can you send me the request ID from that call? I am not seeing that in your logs
merry holly
i can trigger just by creating a bare session a couple times
give me a minute to undo all the work to somewhat make this more stable (sleep()s all over the damn place)
ok. code is blotted for creating session. give me a minute to trigger it
"code": 0,
"raw": {
"Mimetype": "Unable to determine MIME type of file.",
"Errordetail": "I/O Exception: peer not authenticated",
"Filecontent": "Connection Failure",
"Statuscode": "Connection Failure. Status code unavailable.",
"Responseheader": {},
"Text": true,
"Charset": "",
"Header": ""
},
"file": "Connection Failure"
stripe refused the connection
the mime message is i decode the data based on mime type
Connection failure = no connection to stripe. peer not authenticated is the error response back on the socket
harsh trail
Are you getting that call when running from multiple machines/networks? Our rate limit errors look very different from that and I am not aware of times when we reject connections like that but am thinking of how to look at this from our side. Can you double check if you may have any firewalls rules or anything that would be stopping a connection to our public IPs?
https://docs.stripe.com/ips
merry holly
if i had a firewall blocking outbound connections to your ips
then it wouldn't make any connections
we also whitelisted all of the stripe ip's for inbound, and set the domain for accepting payments (so apple pay would work for example)
harsh trail
Gotcha, I have seen users get inconsistent connections because some of our IPs were allowed but not others. I will ask my colleagues about looking in to a connection getting rejected at that level on our side
merry holly
doesn't seem to be anything wrong with inbound from stripe, just when making the call from our server to stripes server is when it is inconsistent
(very frustrating, hence the litter in my code of 'sleep()' lol)
like this for example ( cfscript )
// Adding formParams to sessionParams
structAppend(sessionParams, formParams, true);
// wait 500 ms
sleep(700);
// make api call to stripe to create the checkout session
response = application.func.general.curl(
url="https://api.stripe.com/v1/checkout/sessions",
method="POST",
params=sessionParams,
headers={
'Content-Type': 'application/x-www-form-urlencoded',
'Cache-Control': 'no-cache',
'Authorization': 'Bearer #local.api.secret#',
'Stripe-Version': local.api.version
},
paramsAsBody=false
);
if(response.code EQ 0) {
// wait 500 ms
sleep(1500);
// try again
response = application.func.general.curl(
url="https://api.stripe.com/v1/checkout/sessions",
method="POST",
params=sessionParams,
headers={
'Content-Type': 'application/x-www-form-urlencoded',
'Cache-Control': 'no-cache',
'Authorization': 'Bearer #local.api.secret#',
'Stripe-Version': local.api.version
},
paramsAsBody=false
);
}
if(!isDefined('response.json')) {
// writeDump(response);
/*
error_mail_here
*/
writeOutput(serializeJSON(response));
abort;
} else {
sessionResponse = response.json;
if(structKeyExists(sessionResponse, 'id')) {
writeOutput(serializeJSON({"id": sessionResponse.id, "clientSecret": sessionResponse.client_secret }));
abort;
}
}
writeOutput('{ "id": null}');
the error_mail_here block is where i dumped the response so i could paste it here
harsh trail
Can you DM me your origin/source IP address? We can check what we see in our logs to see if we are rejecting anything
harsh trail
Thank you. Also can you run this script from your server to see what it finds?
https://github.com/stripe/stripe-reachability
merry holly
this is on windows
roughly in powershell (gpt assisted)
function Run {
param (
[string]$Command
)
Write-Host "+ $Command"
Invoke-Expression $Command
}
function Check {
param (
[string]$Name
)
Write-Host "========================================"
Write-Host "Checking $Name..."
if (Invoke-Expression "Check_$Name") {
Write-Host "OK: $Name check"
} else {
Write-Host "ERROR: $Name check failed"
}
}
function Check_OS {
$uname = (uname)
switch ($uname) {
"Linux" { }
"Darwin" { }
default {
Write-Host "WARNING: not tested on $uname"
return $false
}
}
return $true
}
function Check_IP {
Run "curl -4 --write-out `n ifconfig.co/json"
}
function Dig_Short {
param (
[string]$Args
)
$output = (dig +short $Args)
if (-not $output) {
Write-Host "Error: command returned no output: dig +short $Args"
return $false
}
Write-Host $output
return $true
}
function Check_Route {
if (Get-Command mtr -ErrorAction SilentlyContinue) {
Run "mtr -n --report api.stripe.com"
} elseif (Get-Command traceroute -ErrorAction SilentlyContinue) {
Run "traceroute -n -m 20 api.stripe.com"
}
}
function Check_Curl_Https {
Run "curl -Iv https://api.stripe.com/healthcheck"
}
function GetHostByName {
param (
[string]$HostName
)
Run "python -c `"import socket; print socket.gethostbyname('$HostName')`""
}
function Auto_Test_All {
Check "OS"
Check "IP"
Check "Route"
Check "Curl_Https"
}
Auto_Test_All
seems on windows, is much simpler than that mess :
Test-NetConnection -TraceRoute -ComputerName api.stripe.com
Invoke-WebRequest -Uri https://api.stripe.com/healthcheck -Method Head
PS C:\Users\Administrator> Invoke-WebRequest -Uri https://api.stripe.com/healthcheck -Method Head
Invoke-WebRequest : The underlying connection was closed: An unexpected error occurred on a receive.
At line:1 char:1
+ Invoke-WebRequest -Uri https://api.stripe.com/healthcheck -Method Hea ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
PS C:\Users\Administrator> Test-NetConnection -TraceRoute -ComputerName api.stripe.com
WARNING: Ping to api.stripe.com failed -- Status: TimedOut
WARNING: Trace route to destination 34.237.253.141 did not complete. Trace terminated :: 0.0.0.0
ComputerName : api.stripe.com
RemoteAddress : 34.237.253.141
InterfaceAlias : Ethernet 2
SourceAddress : X.X.X.X
PingSucceeded : False
PingReplyDetails (RTT) : 0 ms
TraceRoute : 0.0.0.0
100.100.100.1
10.64.9.189
10.64.4.29
206.82.104.132
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
api.stripe.com has never responded to ping tho
twilit runeBOT
merry holly
greeting duchess.
running this in powershell (forcing tls12 since powershell defaults to 1.1 i believe)
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest -Uri https://api.stripe.com/healthcheck -Method Head
results in this :
StatusCode : 200
StatusDescription : OK
Content :
RawContent : HTTP/1.1 200 OK
Connection: keep-alive
access-control-allow-origin: *
Strict-Transport-Security: max-age=31556926; includeSubDomains; preload
Content-Length: 66
Content-Type: text/plain; charset=...
Forms : {}
Headers : {[Connection, keep-alive], [access-control-allow-origin, *], [Strict-Transport-Security,
max-age=31556926; includeSubDomains; preload], [Content-Length, 66]...}
Images : {}
InputFields : {}
Links : {}
ParsedHtml : System.__ComObject
RawContentLength : 0
stone nest
Hi there catching up
harsh trail
We aren't seeing any rejections from your IP in the last hour, so I am not able to see that request that you had that was rejected.
And interesting, even those basic commands are timing out.
merry holly
ping times out no matter what machine i try it from for api.stripe.com
linux or otherwise
powershell needed to be set to use a current tls version for that to work, but is powershell specific
running this in regular cmd prompt :
tracert -4 api.stripe.com
Tracing route to api.stripe.com [34.200.47.89]
over a maximum of 30 hops:
1 * * * Request timed out.
2 19 ms 20 ms 20 ms 100.100.200.1
3 1 ms <1 ms 1 ms 10.64.1.33
4 1 ms <1 ms 1 ms 10.64.4.25
5 1 ms 1 ms 1 ms www.uk2group.com [198.32.160.210]
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
still testing up to 14th hop now, but i imagine they are likely all going to timeout
this is from a different machine :
C:\Users\xxxxx>tracert -4 api.stripe.com
Tracing route to api.stripe.com [34.200.47.89]
over a maximum of 30 hops:
1 <1 ms 8 ms 8 ms ec2-3-236-60-103.compute-1.amazonaws.com [3.236.60.103]
2 * * * Request timed out.
3 * * * Request timed out.
4 * ^C
C:\Users\xxxxx>tracert api.stripe.com
Tracing route to api.stripe.com [34.237.201.68]
over a maximum of 30 hops:
1 19 ms 1 ms 7 ms ec2-3-236-60-111.compute-1.amazonaws.com [3.236.60.111]
2 * * * Request timed out.
3 ^C
I don't think that server allows for pinging, so I'm getting similar results from a machine that can consistently make API calls
merry holly
This is a test from a linux machine I run (ip and host name of the machine are masked) :
the traces seem to have a lot of un-responsive/firewalled routers in-between.
harsh trail
Interesting, but that test seems to have connected properly anyways.
Gotta love how many places a network connection can go wrong
merry holly
right. i have connectivity from windows as well
once i set up powershell to test properly lol
the second test is from our linux box we are in the process of moving to
sorry. windows box - current live machine
3rd was regular linux ubuntu 24.04
i can test from more networks if you like. i have access to about 100 boxes i maintain -.-
twilit runeBOT
merry holly
greeting Rubeus
foggy linden
Hello! The ping and traceroute failures are expected, we don't respond to those for security reasons.
Can you try curl https://api.stripe.com/healthcheck and see what you get back?
merry holly
Hello! The ping and traceroute failures are expected, we don't respond to those...
makes sense
curl on windows ?
foggy linden
Yes, if possible. Or whatever the curl equivelent on Windows would be (sorry, haven't used Windows in years).
So maybe Invoke-RestMethod -Uri https://api.stripe.com/healthcheck would work?
merry holly
PS C:\Users\Administrator> Invoke-WebRequest -Uri https://api.stripe.com/healthcheck
StatusCode : 200
StatusDescription : OK
Content : api.stripe.com at your service! What can I do for you today? (Up)
RawContent : HTTP/1.1 200 OK
Connection: keep-alive
access-control-allow-origin: *
Strict-Transport-Security: max-age=31556926; includeSubDomains; preload
Content-Length: 66
Content-Type: text/plain; charset=...
Forms : {}
Headers : {[Connection, keep-alive], [access-control-allow-origin, *], [Strict-Transport-Security,
max-age=31556926; includeSubDomains; preload], [Content-Length, 66]...}
Images : {}
InputFields : {}
Links : {}
ParsedHtml : System.__ComObject
RawContentLength : 66
#1301188084523859978 message <--- here. need to ensure powershell is set up to use modern ciphers.
foggy linden
Okay, cool, that's the expected response. Can you try that many times in a row to see if you hit any of the timeout/connectivity issues you're seeing in ColdFusion?
Trying to determine if the issue is unique to ColdFusion or if it's broader (machine, connection, etc.).
merry holly
second, let me make a loop quickly for this
i suspect it has something to do with sending headers to authenticate
foggy linden
I also found this, which might be of some use: https://stackoverflow.com/questions/1613038/coldfusion-cfhttp-i-o-exception-peer-not-authenticated-even-after-adding-cert
merry holly
ya, that is old.
Ssl3, Tls is default protocols used by powershell fyi lol
ok. that works --- i tested with a loop over a total of 30 times
foggy linden
Okay, so it's not your connection or machine, that's good to know. Found someone experiencing a very similar issue that was solved by upgrading the JVM ColdFusion uses: https://coldfusion.adobe.com/2019/06/error-calling-cf-via-https-solved-updating-jvm/
merry holly
oh wow.... just got this from my home computer :
foggy linden
That's a bit old as well, so may not apply, but might be worth a look.
Yeah, Stack Overflow just went down.
merry holly
figures lol
merry holly
jvm is current
well... let me check if a new one is available.
java 11.0.21 2023-10-17 LTS
Java(TM) SE Runtime Environment 18.9 (build 11.0.21+9-LTS-193)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.21+9-LTS-193, mixed mode)
This person said upgrading to 12.0.2 solved their connection issues, might be worth a try? https://community.adobe.com/t5/coldfusion-discussions/getting-sporadic-quot-i-o-exception-peer-not-authenticated-quot-error-using-cfhttp/m-p/11275145#M185885
merry holly
inline, Charlie Arehart is well known in the CF community. Reason for sticking with 11 is because CF is built on Java, and unless we pay for the newer version and upgrade code/etc, best to stick to the major version for the CF release.
11.0.25 is the most recent
please give me a moment to update an reboot. it was a while since oracle updated java
my speed :
speed of upload to server ....
foggy linden
heh
merry holly
ok, it's installed. i think that may have been it -- i just noticed coldfusion was using the default jre, not the most recent one that was installed ( 11.0.21 )
the default jre is older.
ug h
ok. testing.
ya. seems lots more stable.
just hammered session creation, and didn't choke.
merry holly
give me a sec to check as i am curious as well
F:\server\coldfusion\jre\bin>java.exe --version
java 11.0.1 2018-10-16 LTS
Java(TM) SE Runtime Environment 18.9 (build 11.0.1+13-LTS)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.1+13-LTS, mixed mode)
that is the latest that comes with coldfusion fully patched for cf2018
foggy linden
Interesting, thanks!
Were there any other outstanding questions, or are you all set now?
merry holly
C:\Users\Administrator>java --version
java 11.0.25 2024-10-15 LTS
Java(TM) SE Runtime Environment 18.9 (build 11.0.25+9-LTS-256)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.25+9-LTS-256, mixed mode)
yes, that should be all. we do have a pending request to increase api call allotment as our site is rather busy. given this information, the bump doesn't need to be a lot
but def don't want customer transactions to break mid-way either
foggy linden
Yep, for sure, but our rate limits are quite generous and the vast majority of our users never hit them, even some of the larger ones with busy sites.
merry holly
if you have any communication to the decision makers for that, please bump my request.
25 on dev, and 100 for live ?
foggy linden
Those are the basic RPS limits for most requests, yes.
merry holly
we do have high volume, and over the holidays (well, approaching that), the volume is pretty high. through the year, i don't really see people hitting that, but over holidays.... possible
we have had throttles of sales from amazon before, and authorize.net which we had to bump
aside from that, we should be golden to launch this. need to do some more tests of course, minus the sleep() commands. good riddance lol
foggy linden
Yeah, always annoying when there are artificial delays!
merry holly
was doing what i thought i had to to get around the problem. thing is, i keep that current and have set it every time so i dont know how it got reverted, but was worth a look
when i saw it was using the cf distro version of java, ya. thats a big screw up. prior to that was cursing the stripe api for being too damn picky lol
i have learned my lesson. stripe api was fine. cf using older java was the problem
foggy linden
I'm just glad we were able to find and fix the issue. ๐
merry holly
same. the other problem this trailed from. i pass a freshly created coupon at order level, not product. but dont get any info in that during the webhook
only using one webhook
foggy linden
Ah, with Checkout? You'd need to fetch the Checkout Session with line_items expanded to get that detail, I think.