#TzarBuba-webhook-signing-secret

Hey! Can you share your webhook handler code?

The signature signing process can be very convoluted depending on framework, environment, etc

express skipping /webhook

app.use((req, res, next) => {
    if (req.originalUrl === '/webhook') {
        next();
    } else {
        express.json()(req, res, next);
    }
});

endpoint

    // app.post('/webhook', (req, res) => {
    let event;
    const webhookSecret = process.env.STRIPE_WEBHOOK_SECRET;
    if (webhookSecret) {
        const signature = req.headers['stripe-signature'];

        console.log(req.body);
        console.log(signature);

        try {
            event = stripe.webhooks.constructEvent(req.body, signature, webhookSecret);
        } catch (err) {
            // On error, log and return the error message
            console.log(`❌ Error message: ${err.message}`);
            return res.status(400).send(`Webhook Error: ${err.message}`);
        }
    }

    // Successfully constructed event
    console.log(':white_check_mark: Success:', event.id);
    console.log(event);

    // Handle the event
});```

you mean this code?

not the best format for reading

I'm trying this on local env

Is process.env.STRIPE_WEBHOOK_SECRET definitely set? Are you using Stripe CLI?

wanting to hit payment_intent

2022-01-10 12:59:17 --> payment_intent.created [evt_3KGLasJwGZkZkKXw0zxRqvvp] 2022-01-10 12:59:17 <-- [400] POST http://localhost:4242/webhook [evt_3KGLasJwGZkZkKXw0zxRqvvp] 2022-01-10 12:59:19 --> payment_intent.succeeded [evt_3KGLasJwGZkZkKXw0HqHeKE4] 2022-01-10 12:59:19 <-- [400] POST http://localhost:4242/webhook [evt_3KGLasJwGZkZkKXw0HqHeKE4] 2022-01-10 12:59:19 --> charge.succeeded [evt_3KGLasJwGZkZkKXw08rsTs9F]

yes, it is present

Are you using the signing secret that is generated by the CLI when you start stripe forward?

It'll spit it out

I'm not sure, I typed stripe login --api-key sk_test_my key from dashboard...

then stripe login --forword-to localhost:4242/webhook

i think there was a browser verification for login and there i did the webhook secret

That isn't really a valid command. Should be stripe listen --forward-to: https://stripe.com/docs/cli/listen

stripe listen --forward-to http://localhost:4242

Anyway, after you type that there'll be a signing secret dumped into your console that will look like whsec_xxx

That's the value needed for process.env.STRIPE_WEBHOOK_SECRET

ok yeah, this could be it

my .env STRIPE_WEBHOOK_SECRET=sec_...

it should be whsec

how can I get the webhook secret?

You'll see it in your terminal/console after you initialise stripe listen:

Your webhook signing secret is whsec_xxx (^C to quit)

oooohh yeah

i see it now

apparently I didn't copy this secret correctly...

this is embarrassing, will try now

Happens to the best of us 😄

omg, yeah...

it works like a glove

        case 'payment_intent.created': {
            console.log('|||||||||||||||||||||||||||||||||');
            break;
        }
        default: {
            // Unexpected event type
            console.log(`Unhandled event type ${event.type}`);
            res.status(400).end();
            break;
        }
}```
I'm getting the pipe console log

I need a small walk...

Thank you very much for helping me

really appreciating you

btw I'm doing the stripe dev challenge and probably will write more in this channel

Glad to hear it! We're here round the clock

❤️