#Pravin-webhook-403

1 messages ยท Page 1 of 1 (latest)

worldly scarab
#

Hello ๐Ÿ‘‹
Is this happening for specific event types or just random failures?

warped owl
#

i think its random

#

i have only account.update

worldly scarab
#

can you share the event IDs for the events that are failing?

warped owl
#

"id": "evt_1KiN17PHpfPJEP73tee58HtT"

#

"id": "evt_1KiqEbPTbhE4OC3ri4W7htK7"

#

"id": "evt_1KiqEgPTbhE4OC3rZScvTO5U"

#

all above are failed

worldly scarab
#

Okay thanks
Give me a few to look into it ๐Ÿ™‚

warped owl
#

sur

#

with same end point below are few success

#

"id": "evt_1KiuPCPIMw93sdDwSKcompt2"

#

"id": "evt_1KirrXPHKH9fzztpD4mYdaVZ"

#

"id": "evt_1KirBpPTbhE4OC3rnB7zhF8s"

worldly scarab
#

does your server use any middleware such as cloudflare or something similar?

warped owl
#

no. its not

worldly scarab
#

Okay. Are you performing signature verification server-side?
If so, do you see any errors in your server log by any chance?

warped owl
#

yea. i have verified that. we dont have any signature error on my server

worldly scarab
#

Interesting. Let me dig deeper

warped owl
#

sure

#

i am curious , coz its working for some events and failures for some

worldly scarab
#

Can you share the code for your webhook handler?

warped owl
#

public HttpStatus processStripeWebHookEvent(String sigHeader, String payload) {

    logger.info("Stripe Webhook event received");
    Optional<Event> webhookEvent;

    try {
        webhookEvent = Optional.ofNullable(Webhook.constructEvent(
                payload, sigHeader, paymentServiceSecretesManager.getSecretsManager().getStripePaymentServiceWebHookKey()
        ));
    } catch (SignatureVerificationException e) {
        logger.error(e.getMessage());
        throw new InvalidStripeWebhookSignature(HttpStatus.BAD_REQUEST.name(), e.getMessage());
    }

    if (webhookEvent.isPresent()) {
        awsSQSProducer.produce(webhookEvent.get());
        return HttpStatus.CREATED;
    } else return HttpStatus.FORBIDDEN;


}
#

==========================================

#

above code is processing event

#

======================

#

below is webhook end point

#

=================

#

HttpStatus webHook(@RequestHeader(WEB_HOOK_SIGNATURE_HEADER) String sigHeader, @RequestBody String payload) {

    logger.info("Stripe Webhook event received");
    return webhookOrchestration.processStripeWebHookEvent(sigHeader, payload);
}
#

@worldly scarab any luck?

worldly scarab
#

Not finding anything specific on our end. You'd likely need to review your network requests and add more logging to trace this as these seem to be coming form your server-side code

warped owl
#

Seems its throwing 403 from my code itself. but now i am not sure why webhook event is coming as null or empty

unknown.png
#

any idea on this?

worldly scarab
#

Umm I wouldn't say the webhook event is null or empty as the code may be throwing an exception for signature verification failure

warped owl
#

but i have handeled that exception

#

its not going inside that

worldly scarab
#

I'd add more logging before it hits that try catch block and see if its really nullor empty

warped owl
#

and how we are getting different signature in different events

#

is it possible ?

#

is there any way to find what what the signature for failed event

#

this happning only in live mode. not able to reproduce in test

worldly scarab
#

yeah signatures are unique per event

warped owl
#

thank you for all the details

#

ill do more analysis and come back if need anything

worldly scarab
#

NP! Good luck ๐Ÿ™‚