#kanohn_api

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1311418214218989609

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Hello

Hi

Where do you see that error exactly? In your webhook handler?

this started today

almost months without any issue

yes, webhook section

my keys still the same

Okay well that 400 error is a direct response from your own server.

Have you looked at the line of code in your server that returns that 400 error?

yes

Can you share your Webhook handler code?

moment

try {
    $event = \Stripe\Webhook::constructEvent(
      $payload, $sig_header, $stripe_endpoint_secret
    );
} catch(\Stripe\Exception\SignatureVerificationException $e) {
    // Invalid signature
    echo 'Webhook error while validating signature.';
    error_log('Test2.');
    http_response_code(400);
    exit();
}```

it printing here

on my nginx

i can share the full code

do you need that?

Okay can you print out the actual error itself?

what do you mean? the error is that

No that is what your code is sending back. Print out the exception -- $e in this case.

ok!

i'll do that now

Yep let me know what that says.

ok i've got the error on my error.log

Stack trace:
#0 /var/www/vendor/stripe/stripe-php/lib/WebhookSignature.php(68): Stripe\Exception\SignatureVerificationException::factory()
#1 /var/www/vendor/stripe/stripe-php/lib/Webhook.php(29): Stripe\WebhookSignature::verifyHeader()
#2 /var/www/pages/stripe_report.php(49): Stripe\Webhook::constructEvent()
#3 /var/www/system/load.page.php(7): include('/var/www/pages/...')
#4 /var/www/index.php(37): include_once('/var/www/system...')
#5 /var/www/stripe_report.php(5): include('/var/www/index....')
#6 {main}" while reading response header from upstream, client: 3.130.192.231, server: miracle74.com, request: "POST /stripe_report.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php7.4-fpm.sock:", host: "miracle74.com"```

Hmm 🤔

it's weird, just started today this. maybe outdated autoload?

should i remove my actual webhook and create another one to test? on stripe

First thing I would do is see if you can reproduce this in test mode.

That error indicates that there is too great of a difference between the header's timestamp and the current time....

I wonder if there is an issue with your server where it is throttling or something?

hmmm, no issues i noted, i'll check some what date prints on the server

qua 27 nov 2024 16:53:37 -03

i'll try to reproduce this on test mode

Yep seeing if you can reproduce on test mode would be the best next step as then we can fully debug if you can do that.

alright, i'm doing that and back to you! 🙂

thanks

Sure thing

I see that there are recent version of API

should i select the older one? (for webhook)

(test mode)

You should use the same version as whatever your livemode endpoint is set to. If you need to specify an older version you can do that by creating the endpoint via the API: https://docs.stripe.com/api/webhook_endpoints/create#create_webhook_endpoint-api_version

alright. my version for live mode is from 2022

i'll setup and test

Hello

I'm getting the same error on test mode

Can you print out the $sig_header variable in your code as well as the current time on your machine when you get the event? I am looking in to this error, I forget what the tolerance for difference in timestamps is.

Alright! moment

#6 {main}sig header: t=1732739367,v1=8e8df7ff9a0892596b1346170b9047c42b8073461ccddbac643e046e6ac93509,v0=61a080b17851c035e5746ae115c288041d3a1154568229312930df712b856006

time received: 1732739065```

Gotcha. What is strange is that in our code for your stripe-php version, we aren't supposed to throw this error unless you set a tolerance in your constructEvent call https://github.com/stripe/stripe-php/blob/v10.21.0/lib/WebhookSignature.php#L66-L71

hm

weird thing is it start to happen today

kk

without any changes from my end

Yeah, not sure why that may be. One more thing, can you try putting a breakpoint within that constructEvent function to see if tolerance is set to anything when it is being called? I am wondering if I am missing something and it actually is set to something somehow

this is how i'm sending the event

$payInfo = $stripe_payments[$payId];  
        require_once('./vendor/autoload.php');
        \Stripe\Stripe::setApiKey($stripe_secret_test_key);
        
        $custom = $account_logged->getID() . '_' . $config['site']['server_name'];
        $checkout_session = \Stripe\Checkout\Session::create([
            'line_items' => [[
                'price_data' => [
                  'currency' => 'brl',
                  'product_data' => [
                    'name' => ''.$payInfo['premium_points'].' Points - '.$config['site']['server_name'].' Online',
                    //'description' => ''.$payInfo['premium_points'].' Premium Points - ',
                  ],
                  'unit_amount' => $payInfo['money_amount'],
                ],
                'quantity' => 1,
            ]],
            'metadata' => [
                'custom' => $custom,
            ],
            'mode' => 'payment',
            'success_url' => $stripe_return_url,
            'cancel_url' => $stripe_cancel_url,
            //'payment_method_types' => ['card'],
            //'customer_email' => $account_logged->getEMail(),
        ]);

        header("HTTP/1.1 303 See Other");
        header("Location: " . $checkout_session->url);```

Hmm, how i could do that?

you mean on this piece of code?

try {
    $event = \Stripe\Webhook::constructEvent(
      $payload, $sig_header, $stripe_endpoint_test_secret
    );
} catch(\Stripe\Exception\SignatureVerificationException $e) {
    // Invalid signature
    echo $e;
    echo "sig header: ".$sig_header;
    echo "time received: ".time();
    error_log($e);
    http_response_code(400);
    exit();
}```

(on my stripe report)

Ah here we go, we do default it to 300 seconds (5 mins) https://github.com/stripe/stripe-php/blob/v10.21.0/lib/Webhook.php#L7

And the difference between your two timestamps is 302 seconds which is just outside of that tolerance

So it is possible that clock drift brought your server just out of sync enough with Stripe's time to where it became an issue

hmm..

What i do not understand, is everything is done within seconds, like - sending to stripe and receive the webhook from stripe, not reaching 302 seconds at all

but i got what you said

Do you think in something that caused this issue? ah moment..

on my server its reporting 17:37

but now on my home machine its 17:43

qua 27 nov 2024 17:37:27 -03

Yeah, it looks like the server's clock may genuinely be 5 minutes behind. Your home machine's timestamps match up with Discord, my machine, and Stripe's timestamps.

it's weird, i did dpkg-reconfigure tzdata but it does not set the correct data

i'll try to fix that

thank you for support