#andrew_error

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1374466161529458858

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Hello
I'm not familiar with this flow myself. When exactly are you seeing this error in the console?

Can you share the relevant code / screenshot so that I'm on the same page?

Can you add logging around your fetch to see if you're getting an error when making fetchStripeSignature() function call?

https://docs.stripe.com/stripe-apps/build-backend#send-a-signed-request

1 sec

I have added my code.

On line 7, I log the BASE_API I am trying to hit. Which is /test at the moment to debug.

On line 8, fetchStripeSignature() is not logged, I am not sure why.

The console shows line 53 in accountAPI error logging which I added for debugging.

do you see any other requests (to Stripe) that are failing in your network console prior to the API call?

these 2 are the only ones that have failed.
I am also attaching the network tab ordered by status.

Hi there 👋 I'm jumping in as my teammate needs to step away soon. I'm not familiar with what could be causing this error offhand, and am going to poke around to see if anyone has run into something similar before.

Out of curiosity, is this error only found when making requests to your endpoints, or do you see it for any requests (like some throwaway request to a Google endpoint)?

Let me try a throw away api

Same error .

Hhmm, okay. Thank you for testing that!

And are you using a Sandbox for any of your testing?
https://docs.stripe.com/sandboxes

I'm also pulling in my teammate who is more familiar with Stripe Apps to see if they know of something to check that I'm overlooking.

Yes I'm in a sandbox. Shall i try a test environment?

Not sure yet, just wanted to get that insight at this point.

From the manifest file for you app, can you share the URLs listed in ui_extension.content_security_policy.connect-src?

{
"extends": "stripe-app.json",
"ui_extension": {
"content_security_policy": {
"connect-src": [
"https://7d55-82-1-155-23.ngrok-free.app/api",
"https://7d55-82-1-155-23.ngrok-free.app/api/webhooks/stripe",
"https://7d55-82-1-155-23.ngrok-free.app/api/stripe/account/"
]
}
},
"constants": {
"API_BASE": "https://7d55-82-1-155-23.ngrok-free.app/api",
"STAGING_API_BASE": "https://7d55-82-1-155-23.ngrok-free.app/api"
}
}

If you hit https://7d55-82-1-155-23.ngrok-free.app/api/test you should get back "hello"

Ah, I think the problem is that the /test endpoint isn't explicitly in the manifest, and you don't end the first URL with a / so it's children aren't included.
https://docs.stripe.com/stripe-apps/reference/app-manifest#:~:text=URLs of permitted third-party APIs. If the URL ends in a slash%2C all of its children also receive permission. See Use third-party APIs for details

If you change:
"https://7d55-82-1-155-23.ngrok-free.app/api",
to:
"https://7d55-82-1-155-23.ngrok-free.app/api/",

do these requests start working?

No they are not working yet.

I have narrowed it down to the method fetchStripeSignature().

` try {

    console.log(API_BASE)
    const url = `${API_BASE}stripe/account/${userContext.account.id}`
    console.log(url)
    try {
        const signature = await fetchStripeSignature();
    } catch (error) {
        console.log("Error fetching signature:")
        console.log(error)
    }

`

What's in your manifest file now?

{
"extends": "stripe-app.json",
"ui_extension": {
"content_security_policy": {
"connect-src": [
"https://7d55-82-1-155-23.ngrok-free.app/api/",
"https://7d55-82-1-155-23.ngrok-free.app/api/webhooks/stripe/",
"https://7d55-82-1-155-23.ngrok-free.app/api/stripe/account/"
]
}
},
"constants": {
"API_BASE": "https://7d55-82-1-155-23.ngrok-free.app/api/",
"STAGING_API_BASE": "https://7d55-82-1-155-23.ngrok-free.app/api/"
}
}

One thing my teammate suggested, can you try adjusting your import statement to the following?
import {fetchStripeSignature} from '@stripe/ui-extension-sdk/utils';

Still returning the same error.

These calls in the network tab are returning 404 when requesting https://dashboard.stripe.com/v1/tailor/backend_signature

Is there something I can change in my config to help this?

Not sure yet, my teammate is trying to repro in a test app.

Hi hi! I’m going to be taking over for my colleague here. So there are a few things:

1. The "not found" error is correct - you are trying to retrieve a livemode Stripe App in a Sandbox, but that's not possible; and
2. https://docs.stripe.com/stripe-apps/enable-sandbox-support talks about how to set up your/a Stripe App for Sandbox mode.

The overall here is that it sounds like you need to configure an App in your Sandbox - the same way you do/did in your production account - so that you can test things in the Sandbox.

"you are trying to retrieve a livemode Stripe App" - How is this happening? There is no configuration to specify livemode access. I am installing into the sandbox from running "stripe apps start" then I am redirected to my browser to select an account. I selected the sandbox account so i could develop some changes for sandbox functionality.

In my manifest I added "sandbox_install_compatible" : true

Did you go through the onboarding process described in #2?

Also we don't support preview features in here, as their behavior is still variable and not as clearly documented - so in this case, your best bet might be to talk directly with Support.

okay. That's alright. Will contact them.
Thank you for your help. Really appreciated.