#gecko - Webhooks

Hello! How can we help?

Hi Rubeus....

I'm trying to get my production webhook working

when I look in the stripe dashboard, it seems to show that no hooks have occurred

I'm sending test checkout sessions through, and getting session completions, but without a webhook event firing, either from my side (don't see one) and the dashboard, saying there aren't any

want a session ID?

In your Stripe Dashboard, when you're looking at the webhook endpoint you set up, there should be a we_ ID in the top right. Can you give me that ID so I can take a look?

A Checkout Session ID would work too. 🙂

session_id=cs_test_a1BFflxWQAGz5AFL4KPmLIsqZbQWR25YPYNwEtZ87oiv0PTXiVmooMfdGh

we_1KntKmDeb8L7gMec85iZcLv4

Looking, hang on...

It looks like no Checkout Sessions have completed successfully since you set up that webhook endpoint, so no events that match it have been generated yet.

this session ID was just done literally 2 minutes ago

That Checkout Session was in test mode, but your webhook endpoint is set up in live mode.

You do not currently have a test mode webhook endpoint set up.

i was told from a prior chat in stripe here, that I could use test transactions on a live production webhook....since the test webhook relies on a local port sensing scheme

you're saying I cannot run test transactions on the production webhook, and I can't setup a test webhook, without breaking the code for the usage of the https webhook entrypoint?

That's not correct. There are Connect scenarios where a live mode Connect webhook endpoint will receive test events from connected accounts, but that's not the case here. You're not using Connect in this scenario, so if you want to receive test events you need to set up a webhook endpoint in test mode.

and I can't setup a test webhook, without breaking the code for the usage of the https webhook entrypoint?

Not sure what you mean here, can you provide more details?

ok I see that there is a way to add one

i was told by chat earlier this wouldn't work, thx

i think I'm set

Sounds good! Sorry about the misunderstanding earlier!

so help me double check please

we_1KoDatDeb8L7gMeczTOjtdB2

this is the test webhook

i sent another transaction through, and it should have created a checkout session

i see events created, but no log on the hook

Yep, and the Checkout Session was completed and generated a checkout.session.completed event, which you can view in your Dashboard here: https://dashboard.stripe.com/test/events/evt_1KoDevDeb8L7gMecnXPqEQr2

You're not seeing the delivery attempt there? An attempt was made, but it was not successful.

yes, I'm not seeing it

so I was wondering if you saw 200 response or not

looks like no

To clarify, you're not seeing the delivery attempt in the Stripe Dashboard at the link above?

i see the link you posted

it shows an error

i don't see it arrive on my serverside

You can click on that > to see details about the error.

That's correct, we attempted to send it, but we could not connect, so you wouldn't see it on your server.

yep ok

it says tls error

Yep. You can go to https://www.ssllabs.com/ssltest and plug your hostname in there to see details about why delivery failed.

doesn't seem to show errors... 😅

in fact I'm servicing https traffic long before I get to the webhook, so I think that part looks ok

B

What's your overall rating there?

B

Yeah, B isn't going to cut it. You typically need an A rating or Stripe will consider the connection insecure.

You need to resolve the issues shown on that report to get to an A rating and then try again.

ok then that tells me what I need to fix

🙂

thx

ok I have an A now 🙂

Awesome! If you try again does the event get delivered as expected?

trying now... 🙂

ok I get the hook at least...now I need to debug further 🙂

thx for the pointers

No problem!

    try {
        event = stripe.webhooks.constructEvent(
            payload,
            sig,
            STRIPE_WEBHOOK_ENDPOINT_SECRET,
        );
    }

the secret is the whsec, right?

Yep!

hmm

StripeSignatureVerificationError: No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe?

Note that every webhook endpoint has a unique secret; make sure you're using the one from the specific webhook endpoint the event is coming from.

yeah I double checked this is the test hook and matches

evt_1KoEC3Deb8L7gMecd2nLY2Mk

Also note that, with Node, it's very common for middleware to modify the raw request body before you can get to it. In order for webhook signature verification to work the raw, unaltered body must be used. Can you try moving your webhook handler route above other middleware and see if that fixes the issue?

i thought the use of the raw parameter in the callback handles that problem?

it's why I added express.raw()...

It is supposed to, yes, but only if the raw body hasn't been modified before that point.

lovely

Yeah, getting the raw body in Node is surprisingly difficult sometimes, and there's not always a clear solution. If moving your webhook route above your other middleware doesn't work you can look through this thread for other approaches that may work: https://github.com/stripe/stripe-node/issues/341

perfect I found it

all working beautifully, thx!

Amazing! 🙂

If you have a moment I'd love to know what worked for you?