#jude-webhooks

hello, have you pasted in the correct webhook signing secret into your webhook handler code?

I'm pretty sure I have

is there any way I can check if its the correct one

I am trying to make sure its correct currently

yeah you compare it to what you have in the Stripe Dashboard (I assume you set up your webhook endpoint in the Dashboard and not Stripe CLI)

yeah I have one set up under "Endpoints receiving events from your account"

and that's the wh secret i have used

what code are you using? paste just your webhook endpoint function here

@app.route('/stripe-webhook', methods=['POST'])
def stripe_webhook():
# You can use webhooks to receive information about asynchronous payment events.
# For more about our webhook events check out https://stripe.com/docs/webhooks.
webhook_secret = os.environ.get('STRIPE_WEBHOOK_SECRET')
request_data = json.loads(request.data)

if webhook_secret:
    # Retrieve the event by verifying the signature using the raw body and secret if webhook signing is configured.
    signature = request.headers.get('stripe-signature')
    try:
        event = stripe.Webhook.construct_event(
            payload=request.data, sig_header=signature, secret=webhook_secret)
        data = event['data']
    except Exception as e:
        print(e)
        traceback.print_exc()
        return e
    # Get the type of webhook event sent - used to check the status of PaymentIntents.
    event_type = event['type']
else:
    data = request_data['data']
    event_type = request_data['type']

That's the main part of it that the problem is coming from (I think)

Theres more code to the webhook endpoint but its just to handle different event types

you can log out webhook_secret and it is getting the right signing secret from your environment variable?

don't need to paste it here, just confirming

I'll check , 2 seconds

yes

the webhook secret is as expected

so I'm not Python expert but

            event = stripe.Webhook.construct_event(
                payload=request.data, sig_header=signature, secret=webhook_secret)

shouldn't that be passing payload=request_data ?

going off of https://stripe.com/docs/webhooks/signatures#verify-official-libraries

on top of that I would also log out signature in your code to make sure it is getting the header

yes I have logged out signature and it seems to get it

it could be request_data

I just copied the code from

https://stripe.com/docs/billing/subscriptions/elements#webhooks

which has it with .data

I'll try what you said 2 seconds

it does make sense

I would try the doc I linked for now, I do see the dos are kinda different between the two though, so just trying to rule out which one works and why the other does not (if it is a code snippet issue)

I had tried to use this code instead for getting the signature but I got an error with the use of "META"

*I did this earlier

I still get the error when using request_data instead of request.data

yeah I think you need to do request.data my bad

hmm wait

so this guide https://stripe.com/docs/webhooks/signatures#verify-official-libraries

says to use request.body so let's try that fully (comment out your current code just in case) and use this one

okay but I will get the signature the same way as I don't think request.META works for Flask

seems to be for Django

Yeah I get "AttributeError: 'Request' object has no attribute 'body'"

ah you're using Flask

I think this is becuase the request object seems to be different for Django

most documentation is for flask

ok then most of the Django stuff would not be very relevant esp the syntax

but that specific one is Djanho

yeah

I have the same endpoint

receiving events from connect applications as well as from my account

so the webhook secret is different

depending on which account

I think

although

It still doesn't seem to work

hmm how do you know which webhook secret to use?

like how do you know if it is a Connect webhook event vs an Account webhook event

I assume you're probably looking at something in the event body first, then deciding?

tbh I didn't know I had to distinguish them

So I hadn't been

but looking at them on the dashboard I can see different events being sent

and ofc the related webhook secret is different depending on who sent it

for simplicity, I would keep it two different endpoints

or disable one and keep the other

and build your webhook handler code against only one endpoint first

and get that working

Yeah I thought it was working the other night when I tested the subscriptions

you might have to dig into Flask docs for how you reference the event body or how you reference the HTTP headers etc

I can get the signature object etc

that seems to work as expected because I logged it

it just seems to not match the wh secret

I'm going to try check if it's just because of the connect account thing

yeah I would isolate to only one webhook endpoint (and disable the other) to narrow it down further

I think that is my problem yes

I didn't realise that it worked like that sorry

I'll have to create two webhook endpoints

and distinguish

I'll try implement that and see how it goes, Thanks for your help!

all good! yeah easy thing to miss but ideally you have separate endpoints for both, Connect and Account webhooks