#isaacdailey_unexpected

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1417569857347518605

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

hello! can you explain more about how you're setting up payments and the error you're running into? what integration guide are you following?

typically we wouldn't throw a 500 error if you have the wrong secret key so i suspect you're maybe using some other package or service that uses the stripe SDK under the hood

Hello! We're setting up a payment flow for our application, InnerVue, and are encountering a persistent issue with API key validation.

Here's how our payment integration is set up:

Frontend (Initiating Checkout):

Users select a pricing tier on our PricingPage.
When a user clicks 'Get Started' for a tier, they are redirected to a Stripe-hosted Checkout Session.
We are using Stripe Payment Links (e.g., https://buy.stripe.com/cNifZia7R1mv2Bd0sQ7wA00) which are hardcoded in our frontend application (src/components/pricing/PricingPage.tsx). These links initiate the Stripe Checkout Session.

Backend (Post-Checkout Verification & Provisioning):
After a successful payment on the Stripe-hosted page, Stripe redirects the user back to our application's /welcome-paid route.
This redirect URL includes a session_id query parameter (e.g., /welcome-paid?session_id=cs_live_...).
Our frontend (src/components/auth/WelcomePaid.tsx) then makes a GET request to a Supabase Edge Function named verify-checkout.
This verify-checkout Edge Function is responsible for:
Retrieving the Stripe Checkout Session details using the session_id.
Verifying the payment status.
Provisioning the user in our database (updating their subscription tier, coaching credits, and recording the purchase).
Sending a welcome email.

The specific error we are running into is:
The verify-checkout Supabase Edge Function consistently returns a 500 Internal Server Error.
The logs from this Edge Function show the following error message: ❌ Stripe auth probe failed: Invalid API Key provided: (secret key follows) This error occurs during an initial stripe.balance.retrieve() call, which is intended as a test to ensure the API key is valid.

Troubleshooting steps we have already taken:
We have confirmed that the STRIPE_SECRET_KEY environment variable in our Supabase Edge Function is the correct secret key copied directly from our Stripe Dashboard.
The environment variable name is exactly STRIPE_SECRET_KEY (case-sensitive).
The "Viewing test data" toggle in our Stripe Dashboard is OFF.
There are no pending account activation steps or notifications in our Stripe Dashboard.
We have even tried generating a brand new secret key and updating it in Supabase, but the error persists.

We are not following a specific Stripe integration guide, but rather implementing a common pattern for post-checkout session verification using a serverless function. It seems to be a very specific issue with the API key validation within the Edge Function environment, despite the key being correct.

i don't know much about supabase specifically so i will have to speak in general terms. have you tried doing a simple thing like running the balance retrieval call using the same API key in a cURL request?

No prob! thank you so much for your help, general terms work!

I just did, and got an "invalid API key provided" error

hmm. are you doing this in test mode? can you try copy pasting the cURL on the right into some kind of terminal exactly and see if that works?
https://docs.stripe.com/api/balance/balance_retrieve?lang=curl

use the "click to copy" button and it should copy the cURL + your test mode secret key exactly as they should be sent

it's in live mode, not in test mode. Does that matter? we are testing the product in live mode with 100% off coupons— just want to make sure this isn't the thing causing issues

that probably isn't the cause per se, but you should test in test mode anyway (per our docs using live payment data for test payments is against our service agreement)

but if you get it running in test mode it should just work when you swap out for your live mode keys

understood! Thank you for letting me know about that, I'll switch it into test mode. This is for a client, so I'm going to have them add me to the stripe account so I can speed up this troubleshooting process

makes sense! and yeah, theoretically if you just copy + paste the live mode API key into that retrieve balance cURL i shared earlier that should just work too (as long as there's nothing weird happening like characters being added or removed), so you can try that too as a sanity check

but i would start with the test mode test i suggested earlier

alright, curl isn't supported within Bolt (have no clue why this is the case, super frustrating), but I am added as a user now so I'm going to switch to test mode

and just checking— should I use a sandbox or just enable test for everything?

sandbox is good too! that's actually the recommended path these days but i have a hard time remembering to change my language 😅