Anjan-webhooks-salesforce | Stripe Developers | Page 1

fickle ore Apr 7, 2022, 4:17 PM

#

hello, how is the Salesforce endpoint authenticated?

azure bone Apr 7, 2022, 4:19 PM

#

It needs a token in the header of the request.

#

Currently what I get is Invalid Session ID

fickle ore Apr 7, 2022, 4:26 PM

#

yeah our webhooks don't support any custom headers being sent with them

#

so you'll have to build your webhook endpoint at a place that doesn't require header based authentication

azure bone Apr 7, 2022, 4:56 PM

#

Hmm .. So we have to build a public site and expose this rest endpoint

#

Any sample code to verify signature or secret to trust the message on the Salesforce side ?

fickle ore Apr 7, 2022, 4:59 PM

#

yes

#

https://stripe.com/docs/webhooks/signatures

azure bone Apr 7, 2022, 5:13 PM

#

I am able to get signature from the request but what would be the next thing ? Should I prepare signed_payload on the salesforce side ?

fickle ore Apr 7, 2022, 5:22 PM

#

you have to verify the signature, most stripe server libraries incorporate a helper to do that

#

the doc I linked you has all the steps

azure bone Apr 7, 2022, 5:31 PM

#

Do I make a call from salesforce to strip to verify again ??

#

Another API to call hit stripe and verify .. looking at ways to verify on salesforce itself

fickle ore Apr 7, 2022, 5:33 PM

#

not sure I understand what you mean

#

basically all it is is that Stripe sends a webhook evnet to your endpoint

you verify signatures to verify it was from Stripe

you respond with a 200 HTTP status code to let Stripe know "you've received the event!"

and then you process the event in your code whether that endpoint does it or you talk to your Salesforce endpoint to do the actual processing

#

let me know if that helps!

#

a colleague is stepping in but feel free to ask more qs

azure bone Apr 7, 2022, 5:39 PM

#

If all what I needed is in teh request then no need to make callout to stripe. Which is good news. I just need to figure out how I could generate load and verify.

#

If there is a sample code to verify signatures on salesforce/apex, please share along.

fierce spade Apr 7, 2022, 5:40 PM

#

Hi 👋 I'm stepping in for @fickle ore

#

I don't think we have docs specific to Salesforce/Apex on verifying webhook signatures.

azure bone Apr 7, 2022, 5:42 PM

#

ok

#

Do I need signing secret on the webhook to compare the signatures ?

fierce spade Apr 7, 2022, 5:43 PM

#

As our docs provided mention, you need the raw request body, the signing secret from the webhook, and the Stripe signature header.

azure bone Apr 7, 2022, 5:43 PM

#

Now I have the body, secret from webhook and signature header

#

just need to figure out how I can compare and verify

fierce spade Apr 7, 2022, 5:45 PM

#

Can you use any of the Stripe libraries (PHP, Python, Go, etc.)?

azure bone Apr 7, 2022, 5:47 PM

#

I have to use apex on the salesforce side

fierce spade Apr 7, 2022, 5:52 PM

#

In that case you should review the section in our doc about verifying signatures manually: https://stripe.com/docs/webhooks/signatures#verify-manually

azure bone Apr 7, 2022, 5:57 PM

#

When you say manually, I need follow step 1 through 4 in the doc you shared ?

fierce spade Apr 7, 2022, 5:58 PM

#

I'm saying you should thoroughly review the doc I shared and make sure you clearly understand it before attempting to build anything.

azure bone Apr 7, 2022, 6:03 PM

#

OK

#

Thanks !!

#Anjan-webhooks-salesforce