hello @rich wolf, i'd recommend checking your server logs to trace down where the error is occurring first and the exact error message

thank you for answering ,

i have testing my webhook by Stripe CLI on local server

And it works well

But I wanted to test it on live (Hosted endpoints) by ngrok.com

on my server logs

400 Bad Request

HTTP/1.1 400 Bad Request
Date: Thu, 28 Oct 2021 06:33:01 GMT
Server: WSGIServer/0.2 CPython/3.7.9
Content-Type: text/html; charset=utf-8
X-Frame-Options: DENY
Content-Length: 0
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin

There is no error in my code

I'm using the default visa for the test mode
Should the payment be from real Visa?

@rich wolf you don't need to use a real card. The 400 response has nothing to do with the card used. You need to add logging to your code to identify the code path that returned a 400 error

@require_POST
@csrf_exempt
def my_webhook_view(request):
payload = request.body
sig_header = request.META['HTTP_STRIPE_SIGNATURE']
event = None

try:
    event = stripe.Webhook.construct_event(
        payload, sig_header, settings.STRIPE_WEBHOOK_SECRET
    )
except ValueError as e:
    # Invalid payload
    return HttpResponse(status=400)
except stripe.error.SignatureVerificationError as e:
    # Invalid signature
    return HttpResponse(status=400)

# Handle the checkout.session.completed event
if event['type'] == 'checkout.session.completed':
    session = event['data']['object']

    customer_email = session["customer_details"]["email"]
    order_id = session["metadata"]["order_id"]
    print(order_id)
    order = Order.objects.all().filter(id=order_id, is_finished=False)

    if order:
        old_orde = Order.objects.get(id=order_id, is_finished=False)

        payment_method = Payment.objects.get(order=old_orde)
        payment_method.payment_method = "Stripe"
        payment_method.save()

        old_orde.is_finished = True
        old_orde.status = "جارى التنفيذ"
        old_orde.save()

        if "coupon_id" in request.session.keys():
            del request.session["coupon_id"]

return HttpResponse(status=200)

@sage hatch i have add my STRIPE_WEBHOOK_SECRET you mean that ?

you have these lines in your code, can you check which is the issue - invalid payload or invalid signature?

   except ValueError as e:
        # Invalid payload
        return HttpResponse(status=400)
    except stripe.error.SignatureVerificationError as e:
        # Invalid signature
        return HttpResponse(status=400)

yes

return

Invalid signature

No signatures found matching the expected signature for payload

@sage hatch How do I fix that?

firstly, can you log in your console and check if what you've configured for settings.STRIPE_WEBHOOK_SECRET matches that of your webhook endpoint in the Dashboard i.e.

please don't share your webhook secret here, just verify it on your end

same error , Does my account have to be activated?

that key in the screenshot is not the key you're looking for

you would want to go to https://dashboard.stripe.com/test/webhooks

assuming this is in test mode

and click into your webhook

you should then see the screenshot i previously provided whereby there should be a section that says Signing secret

Thank you for your effort
worked now ❤️

great!