s0__0 - CLI webhook secret | Stripe Developers | Page 1

fluid karma Apr 5, 2022, 3:41 PM

#

When you start stripe listen it should be part of the output

zinc siren Apr 5, 2022, 3:42 PM

#

it is equal to client_secret ?

fluid karma Apr 5, 2022, 3:44 PM

#

client_secret where?

#

Oh for the parameter where you verify the webhook signature? Yes, that is where you put the secret.

zinc siren Apr 5, 2022, 3:45 PM

#

#

my error is occur in line 23

#

Stripe\Exception\SignatureVerificationException: No signatures found matching the expected signature for payload in /home/xxxxxx/domains/xxxxxx.net/private_html/plugin/stripe_api/full/lib/Exception/SignatureVerificationException.php:28

royal iris Apr 5, 2022, 3:48 PM

#

Hi 👋 I'm stepping in for @fluid karma

zinc siren Apr 5, 2022, 3:49 PM

#

so i am just wondering if my $endpoint_secret is wrong, as i just copy from the webhook generator.

royal iris Apr 5, 2022, 3:49 PM

#

And you are using stripe listen?

zinc siren Apr 5, 2022, 3:49 PM

#

nope

#

i am using paymentIntents

royal iris Apr 5, 2022, 3:50 PM

#

But you mention above

how can i found my Stripe CLI webhook secret?

#

stripe listen is the CLI command for listening to webhook events

zinc siren Apr 5, 2022, 3:50 PM

#

what is stripe listen?

royal iris Apr 5, 2022, 3:51 PM

#

https://site-admin.stripe.com/docs/cli/listen

Stripe CLI Reference

#

WHen you run it, you will get a webhook signing secret value printed out in your terminal

#

that starts whsec_XXXXXXXX

zinc siren Apr 5, 2022, 3:51 PM

#

i think i am not using listen

#

i am not looking at this doc

royal iris Apr 5, 2022, 3:52 PM

#

Okay, so you have configured a webhook listener through the API or your Stripe dashboard?

zinc siren Apr 5, 2022, 3:52 PM

#

https://stripe.com/docs/payments/accept-a-payment?platform=web&ui=elements#afterpay-clearpay

Accept a payment

Securely accept payments online.

royal iris Apr 5, 2022, 3:52 PM

#

Okay what is it you are trying to do?

zinc siren Apr 5, 2022, 3:52 PM

#

in point 6 now

#

#

this is my webhook

#

in stripe, it tells me 400 error

royal iris Apr 5, 2022, 3:53 PM

#

Okay but you need to let Stripe know where to send the requests

#

Did you use the Dashboard webhook tool?

zinc siren Apr 5, 2022, 3:54 PM

#

yes!

#

i have register the url

#

and my programme gave a 400 error to stripe

#

Stripe\Exception\SignatureVerificationException: No signatures found matching the expected signature for payload in /home/yudansnet8/domains/yudans.net/private_html/plugin/stripe_api/full/lib/Exception/SignatureVerificationException.php:28

royal iris Apr 5, 2022, 3:54 PM

#

Okay, so that is a different webhook signing secret.

zinc siren Apr 5, 2022, 3:55 PM

#

zinc siren

i am just wondering if my secret is copy wrong

royal iris Apr 5, 2022, 3:55 PM

#

You will need to look in the Webooks table of the Developer page in your Stripe Dashboard.

zinc siren Apr 5, 2022, 3:56 PM

#

yes, i press retry several times, still 400

royal iris Apr 5, 2022, 3:56 PM

#

When you test out the Payment Intent, can you share any request IDs associated with those tests?
Here's how you can find a request ID: https://support.stripe.com/questions/finding-the-id-for-an-api-request

#

What is the error message you are seeing?

zinc siren Apr 5, 2022, 3:56 PM

#

pi_3KlEjvGRGdCFkMmo1wjSRy3a

zinc siren Apr 5, 2022, 3:56 PM

#

royal iris What is the error message you are seeing?

Stripe\Exception\SignatureVerificationException: No signatures found matching the expected signature for payload in /home/yudansnet8/domains/yudans.net/private_html/plugin/stripe_api/full/lib/Exception/SignatureVerificationException.php:28

royal iris Apr 5, 2022, 3:59 PM

#

Okay so have you tried copying your webhook secret from your Dashboard table?

#

Have you tried adding any sort of logging to your PHP webhook code?

zinc siren Apr 5, 2022, 4:02 PM

#

#

this is my webhook , just copying from stripe webhook generator

#

i have just only add insertErrorLog() for my error checking

royal iris Apr 5, 2022, 4:03 PM

#

Right, and that's fine if it's working for you. However, if you keep getting an error then maybe you need to change some things

zinc siren Apr 5, 2022, 4:03 PM

#

in line 7 , where can i find this key? or this is correct now?

#

this code is not fine right now, it say 400 in line 26

#

becuase of invalid signature

royal iris Apr 5, 2022, 4:06 PM

#

Okay so as I have said, you can find this key on your Dashboard. https://dashboard.stripe.com/webhooks

#

You click on your registered webhook and in the table it will have your webhook Status, the Events you are listening for the API version, and the Signing Secret. You will need to click "Reveal" to show the secret.

#

You can then copy/paste the value.

zinc siren Apr 5, 2022, 4:09 PM

#

oh got it! its fine right now

royal iris Apr 5, 2022, 4:09 PM

#

Great 👍

zinc siren Apr 5, 2022, 4:09 PM

#

#

can i add my parameter here, to reconize which order is paid when i receive a webhook?

#

or using PaymentIntent id is safer?

royal iris Apr 5, 2022, 4:12 PM

#

Adding an order ID is a very common use case for appending metadata to your Payment Intent:
https://site-admin.stripe.com/docs/api/payment_intents/create#create_payment_intent-metadata

zinc siren Apr 5, 2022, 4:16 PM

#

after webhook received success msg, do i have to check again with my database that the product info and price are match?

#

or i can trust all the data in webhook with not only the success status?

royal iris Apr 5, 2022, 4:19 PM

#

The entire payment intent object will be returned in the webhook data payload so you can inspect it there if you wish. I would test it out and make sure the behavior is what you expect.

zinc siren Apr 5, 2022, 4:23 PM

#

okok many thanks

#s0__0 - CLI webhook secret