adityaj-webhook | Stripe Developers | Page 1

next heath Mar 16, 2022, 9:39 AM

#

hi! can you share the rest of the code?
and what's the issue exactly(what error do you get etc)?

drifting creek Mar 16, 2022, 9:40 AM

#

getting error message
"You are not permitted to configure webhook endpoints on a connected account. Did you mean to create a Connect webhook on your account instead?"

#

code is

$stripe_api = new StripeClient(
[
'api_key' => $secret_key, //access token received by oauth
'stripe_version' => '2020-08-27',
]
);

$data = [
'api_version' => '2020-08-27',
'url' => esc_url( get_home_url() . '/wp-json/cpsw/v1/webhook' ),
'connect' => true,
'enabled_events' => [
'charge.failed',
'charge.succeeded',
'source.chargeable',
'payment_intent.succeeded',
'charge.refunded',
'charge.dispute.created',
'charge.dispute.closed',
'review.opened',
'review.closed',
],
];

$response = $stripe_api->webhooks( 'create', [ $data ] );

next heath Mar 16, 2022, 9:42 AM

#

yep! as the error says, you're not allowed to do that.

#

you should never do that, you would create endpoints on your platform instead , that endpoint receives events from all your connected accounts https://stripe.com/docs/connect/webhooks#connect-webhooks

drifting creek Mar 16, 2022, 9:44 AM

#

One more thing i would like to confirm.
is there a way to retrieve secret key of connected account while Oauth
\Stripe\OAuth::token

next heath Mar 16, 2022, 9:50 AM

#

you should never be using OAuth

#

and you 100% should never be using the API keys like that

#

you should use the Stripe-Account header and your own API keys https://stripe.com/docs/connect/authentication

drifting creek Mar 16, 2022, 9:53 AM

#

I am using this api to onboard stripe user to my platform account.
https://stripe.com/docs/connect/oauth-reference

Connect OAuth reference

This reference lists available public methods for our OAuth endpoints for Connect.

next heath Mar 16, 2022, 9:53 AM

#

sure, but why?

#

https://stripe.com/docs/connect/standard-accounts is the current guide for that and it doesn't use OAuth

#

OAuth is the older way of doing this and it would only be used today for certain limited use cases where you are an extension that explicitly needs to read data from a user's existing Stripe account)

#

#

in any case even if you do use OAuth, never use the access_token

#

you don't need it, you only need the stripe_user_id , per the authentication guide I linked above, it's much easier than storing a bunch of secret keys in your database

drifting creek Mar 16, 2022, 9:57 AM

#

ok

#

let me try

#

actually we are creating an extension and we want user to use their existing account.
this guide says to create standard-account.
which is not our use case

can you suggest me better way for this condition, any code reference to charge account without using access_token

next heath Mar 16, 2022, 10:10 AM

#

then sure, you can use the OAuth approach https://stripe.com/docs/connect/oauth-standard-accounts

#

any code reference to charge account without using access_token
what does "charge account" mean?

drifting creek Mar 16, 2022, 10:11 AM

#

create any stripe transaction like charge refund etc.

#

currently i am using access token
for any api call

like this

$stripe_api = new StripeClient(
[
'api_key' => $secret_key, //access token received by oauth
'stripe_version' => '2020-08-27',
]
);

next heath Mar 16, 2022, 10:14 AM

#

I linked you to https://stripe.com/docs/connect/authentication which covers this in detail and how to use the stripe_account option

drifting creek Mar 16, 2022, 10:21 AM

#

ok i'll try that thanx

drifting creek Mar 16, 2022, 11:21 AM

#

I was looking into authentication url
but as we will be shipping our plugin to users. so will it be good idea to share stripe secret key? what else can be done?

silk jackal Mar 16, 2022, 11:26 AM

#

You'd guide your plugin users through the onboarding experience via the OAuth link

drifting creek Mar 16, 2022, 11:32 AM

#

yes we are doing that.
after authentication we are storing access_token and publishable key for further use.
but access_token is not able to create webhook_endpoints.

what is the prefered way to do that.
we can't share platform secret key with plugin

silk jackal Mar 16, 2022, 11:39 AM

#

You shouldn't be creating webhooks for connected accounts. You should be using a Connect webhook: https://stripe.com/docs/connect/webhooks

Connect webhooks

Learn how to use webhooks with Connect to be notified of Stripe activity.

drifting creek Mar 16, 2022, 11:44 AM

#

can you share some php code reference for creating connect webhook.

#

or any documentation link explaining same

silk jackal Mar 16, 2022, 11:45 AM

#

I just linked you the docs. Why would you need code? You'd just configure it in the Dashboard

#

You only need a single Connect webhook on your platform account

drifting creek Mar 16, 2022, 11:50 AM

#

we are creating a wordpress plugin for woocommerce and our plugin (extension) will be installed on clients website we are not having any centalized application where user can connect with api. and webhook url will change as per users website url.
we need to create a webhook that will respond to users website and further status on woocommerce can be updated.

#

i hope my use case is clear now.

silk jackal Mar 16, 2022, 11:54 AM

#

Well, you can't do that. You can't create a webhook for a connected account without their secret keys and you so never be storing them, really

#

You should instead have a single Connect webhook endpoint that processes events for all your connected accounts

#adityaj-webhook