#greatBear - webhook signature verification
I used the code snippet and it triggers an exception error
I double checked the secret key
Should work. But it doesn't
I have the same problem
Funny thing is I got an email relating to the disabling of my endpoint due to multiple unsuccessful attempts on part of Stripe on reaching my endpoint.
BUT in my dashboard the endpoint is still noted as ACTIVATED
Do you have access to a Stripe dashboard? In that case would you be able to send me an event ID (evt_123) that this webhook delivery failed on? https://dashboard.stripe.com/test/events
Possible cause I could think of is the loading time of my site. From what I can tell the Stripe method is time sensitive. Any great delay in time could cause my key to fall outside the time margin.
Wait, actually I see that you are saying that your server got an exception. So your endpoint is receiving our event messages. Can you send me your code for your webhook signature verification on your server?
@next vortex If you want to look at yours now, can you post details in the main #dev-help channel so that we can take a separate look there?
I'm using Stripe CLI to test my code. I used command: $ stripe trigger payment_intent.succeeded
No event ID is shown
Are you using the webhook secret from the command line or from your dashboard?
They will be different and the CLI endpoint will need you to use its secret in your code while testing
Sorry, sorry. I have 2 command windows open. 1 for triggering events, one that is listening for incoming events
The latest event code is: evt_3LG7H7InbUE4z7S31L1b5pZu
I've saved the secret code to my DB. I haven't entered a custom secret key in my CLI commands
Do you know if your endpoint code is passing the raw request body in to your verify webhook signature call?
Also have you debugged your code to double check that your app is actually using the key that you set in your DB?
Can you show me your code (without the secret)?
Updated code
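$endpoint_secret = $this->get_option('endpoint_secret');
// Stripe sends the signature in the Stripe-Signature header
$sig_header = isset($_SERVER['HTTP_STRIPE_SIGNATURE']) ? $_SERVER['HTTP_STRIPE_SIGNATURE'] : '';
$payload = $event->get_body();
// Raw, unparsed request body, as required for signature verification
$raw = file_get_contents( 'php://input' );
try {
    return \Stripe\Webhook::constructEvent(
        // $payload, $sig_header, $endpoint_secret
        $raw, $sig_header, 'SECRET CODE HERE'
    );
} catch (\Stripe\Exception\SignatureVerificationException $e) {
    // Signature did not match the raw body and secret
    http_response_code(400);
    return null;
}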
That does look like the standard code to get that. Trying to think of what might be happening here.
The two things that cause this really are just the raw body and the webhook secret. So it seems like something is subtly wrong with one of those
What if you ran some tests yourself? I'm dying to know what results you get