#prasun_webhooks

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1333409764977279028

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

The only way is to either have separate Stripe accounts, or utilise metadata and then filter the events in the webhook logic according to that

The error returns "Invalid Signature". The way it is handled.

try {
$event = Webhook::constructEvent($payload, $sigHeader, $endpointSecret);

        $session = $event->data->object;

} catch (SignatureVerificationException $e) {
Log::info("SignatureVerificationException " . $e->getMessage());
return response()->json(['error' => 'Invalid Signature'], 400);
}

is it possible to prevent before webhook is triggering?

If you have an invalid signature error then that would suggest you have different webhook endpoints that point to the same domain?

In which case, why not just have two separate webhook endpoint URLs?

There is a product that is being sold from https://abc.com which is a subscription.

Another product is being sold from https://xyz.com which is also a subscription.

The webhook url https://abc.com/stripe-webhook is connected with https://abc.com.

There are checkout.session.completed and invoice.payment_failed events are used.

Now, while the subscription is running every month, the request from https://xyz.com is being triggered through https://abc.com/stripe-webhook, which is not intended; however, the request coming from https://xyz.com triggers the event that is correct.

the requirement is not trigger the event for the subcription of the products which is being sold from https://xyz.com.

Please don't talk in domains – are they using the same Stripe accounts?

Yes

Then this is unavoidable unfortunately

See

Understood. but since both are using same stripe accounts and one has stripe webhook secret and other one does not have, in that case invalid signature error is coming. how it can be handled?

I don't understand why you have two different webhook endpoints configured for the same URL? Just use one, and the the signing issue won't be a problem

No
A single webhook endpoint is configured which is for the products subscribing from one application and it triggers the events.
When a subscription is running for the other products that also triggers events of this same webhook.

Then I don't understand why you have a webhook signing error assuming you're using the same code?

But yes, it's expected that all events (like payment_intent.succeeded) will be sent to all webhook endpoints on the account that listen for that event type. If you have multiple businesses/sites that use a single Stripe account then this might be problematic

Yes, I am using same code.

Hey, taking over here. Let me know if there's any follow-up Qs I can answer!

I believe you already gone through all the conversations done.

How to do that? Is there any documentations?

No there is no particular documentation for this.

can you please share any code snippets?

Sorry I don't have currently some on hand

The recommended flow is to have different Accounts for each website

You can learn more about this here:
https://docs.stripe.com/get-started/account/multiple-accounts#:~:text=You must use,your existing account.