#victoria.fabris - webhook

hi there!

Hi!

my error is SignatureVerificationError(message='No signatures found matching the expected signature for payload', http_status=None, request_id=None)

Hi there! Can you copy/paste the code so I can look at it in my IDE?

yes

    endpoint_secret = settings.STRIPE_WEBHOOK_SECRET
    payload = request.body
    signature = request.META.get("HTTP_STRIPE_SIGNATURE")
    if not signature:
        return Response(status=status.HTTP_401_UNAUTHORIZED)
    try:
        event = stripe.Webhook.construct_event(
            payload,
            signature,
            endpoint_secret,
        )
    except Exception as e:
        print(e)
        return Response(status=status.HTTP_400_BAD_REQUEST)```

Is the value for signature giving you anything back? or is it none

is not none, is giving me something

Can you check it manually?

https://stripe.com/docs/webhooks/signatures#verify-manually

yes

Just checking in. Were you able to figure out what was going wrong?

just finished doing this

idk if i get it right, but i have to check if the signature that i receive is the same as the one hasable manually

    payload = request.body
    payload = payload.decode(encoding="utf-8")
    header = request.META.get("HTTP_STRIPE_SIGNATURE")
    if not header:
        return Response(status=status.HTTP_401_UNAUTHORIZED)
    splited_header = header.split(",")
    timestamp = splited_header[0].split("=")
    signature = splited_header[1].split("=")
    signed_payload = str(timestamp[1]) + "." + json.dumps(payload)
    signature_expected = hmac.new(
        endpoint_secret,
        msg=signed_payload,
        digestmod=hashlib.sha256,
    )
    if not signature == signature_expected:
        return Response(status=status.HTTP_400_BAD_REQUEST)```

can you tell me if im doing it right?

That looks right. Were you able to confirm that thee expected signature matches the signature you're getting?

it throws an error

I mean when you print() the corresponding values in plaintext for each, are they identical? Which part is different?

Also, I would not recommend posting un-redacted signatures to chat.

i think im doing something wrong here

how can i fix that?

which value or line is throwing the error?

the hash part

        endpoint_secret,
        msg=signed_payload,
        digestmod=hashlib.sha256,
    )```

Taking over, I'm a bit confused by the ask here and why you're doing the verification manually?

ah it looks like my colleague told you to do this manually, please don't, ignore that part, it's really complex and not something I'd recommend

Let's take a step back: what is the issue and how are you testing (as in do you use the CLI)

idk, @summer peak told me too 😂

yeah sorry I think that was confusion overall

oh, ok!

ok, the issue is that it seems that the signature that im receiving from stripe its not accepted for the payload that im sending

yeah it's extremely common for many potential reasons

Step 1: How are you testing? With or without the CLI?

im testing through ngrok, and i added the webhook endpoint on my stripe dashboard

okay so no CLI

the point is, im receiving the events on the webhook

but it shows this error

The 2 most common issues are
1/ Using the wrong secret (it's not your Secret API key, it's the webhook endpoint's secret)
2/ Not passing the exact raw payload Stripe sends you. Any change to the content of the data will fail verification. Lots of frameworks try to be helpful and parse the JSON and that is preventing signature verification from working

where do i get his webhook endpoint secret? im using the secret api key

ah that's the problem

when you create the webhook endpoint, there's a secret right there in the UI

its the Signing secret?

this one below the endpoint name?

yes

ok, let me see if this works

okkk, now its not showing the error anymore

but its showing me an error here:

    payload = request.body
    signature = request.META.get("HTTP_STRIPE_SIGNATURE")
    if not signature:
        return Response(status=status.HTTP_401_UNAUTHORIZED)
    try:
        event = stripe.Webhook.construct_event(
            payload,
            signature,
            endpoint_secret,
        )
    except Exception as e:
        print(e)
        return Response(status=status.HTTP_400_BAD_REQUEST)
    events_to_watch = ["invoice.payment_failed", "payment_intent.succeeded"]
    if event["type"] not in events_to_watch:
        return Response(status=status.HTTP_200_OK)

    # getting the payment_identificator
    if event["data"]["object"]["object"] == "invoice":
        payment_identificator = event["data"]["object"]["custom_fields"]["value"]```

when i try to get the payment_identificator

i setted this earlier in another function as a custom_fields in my Invoice using modify()

(i can see this custom_fields on my dashboard, its saving just fine, its there in the object but i cant find to get it)

the error

i tried this so many times already 😩

sorry got pulled in something else

step 1: log the entire object and look at what's in it I would say

but custom_fields is an array or arrays so it's not how you access that field

try outside of the webhook handler first by just retrieving an Invoice

oohh, it worked! i accessed as payment_identificator = event.data.object.custom_fields[0]["value"]

my code is working now!

thank you so muchhhh

you are the best