
`medusa-payment-stripe`: Stripe webhook `payment_intent.succeeded` call receiving 400 error response

Open gregorymark opened this issue 3 years ago • 2 comments

I'm running [email protected] and I've set up the webhooks in Stripe to call https://mydomain.com/stripe/hooks. The events I've activated are

  • payment_intent.amount_capturable_updated
  • payment_intent.payment_failed
  • payment_intent.succeeded

as these seem to be the only ones set up so far (on a side note a bit more info here would be useful, but arguably that's more to do with Stripe than Medusa). The plugin is set up with my STRIPE_WEBHOOK_SECRET=we_.....

In the Stripe dashboard under webhooks it keeps retrying the URL for payment_intent.succeeded and I'm getting a 400 error and

Webhook Error: No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe? https://github.com/stripe/stripe-node#webhook-signing

I believe this is why the payment is still registered as uncaptured despite having been captured in Stripe (I have it set up to automatically capture payments).

I'm not familiar enough with Express to work out if the call in https://github.com/medusajs/medusa/blob/2eb2126fe348565721e05e6f0da01c46bad6185a/packages/medusa-payment-stripe/src/api/routes/hooks/stripe.js#L7 is the issue or if sending a raw response is covered elsewhere.

gregorymark avatar Jun 07 '22 13:06 gregorymark

The stripeProviderService.constructWebhookEvent does invoke the stripe sdk method stripe_.webhooks.constructEvent that throws the error if the signature doesn't match your configured secret.

The error generally occurs in two cases:

  • If the secret doesn't match the provided signature. Are you sure you have configured the webhook secret correctly?
  • It could also happen due to the way the request body is parsed, if it's parsed as JSON before being passed to the method; however, the middleware for the Stripe endpoint should be in place to ensure this happens. Could you have set up a middleware in front of the medusa-api to parse all bodies to JSON?

pKorsholm avatar Jun 28 '22 09:06 pKorsholm
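The two cases in the comment above, as an added example that is not part of the thread and is not Medusa's or Stripe's code: it reimplements Stripe's documented `t=…,v1=…` HMAC-SHA256 signing scheme with Node's `crypto` so it runs offline. The secret, timestamp, event body and the `sign`, `parseHeader`, `verify` and `demo` names are constructed for illustration.

```javascript
const crypto = require("crypto");

// Stripe's documented v1 scheme: HMAC-SHA256 over "<t>.<raw body>", keyed with the endpoint secret.
function sign(secret, timestamp, rawBody) {
  return crypto.createHmac("sha256", secret)
    .update(`${timestamp}.`).update(rawBody).digest("hex");
}

// Parse "t=...,v1=...,v1=..." (several v1 entries can appear while a secret is being rolled).
function parseHeader(header) {
  const out = { t: null, v1: [] };
  for (const part of header.split(",")) {
    const [k, v] = part.trim().split("=", 2);
    if (k === "t") out.t = v;
    else if (k === "v1") out.v1.push(v);
  }
  return out;
}

// Returns a reason string instead of throwing, so each failure mode is visible.
function verify(secret, header, body, toleranceSec = 300, now = Date.now() / 1000) {
  const { t, v1 } = parseHeader(header);
  if (!t || v1.length === 0) return "malformed-header";
  if (Math.abs(now - Number(t)) > toleranceSec) return "stale-timestamp";
  const expected = Buffer.from(sign(secret, t, body), "hex");
  const ok = v1.some((sig) => {
    const got = Buffer.from(sig, "hex");
    return got.length === expected.length && crypto.timingSafeEqual(got, expected);
  });
  return ok ? "ok" : "no-matching-signature";
}

// Constructed sample data: a pretty-printed event body, signed over those exact bytes.
const SECRET = "whsec_constructed_example";
const NOW = 1654607160;
const RAW = Buffer.from('{\n  "id": "evt_constructed",\n  "type": "payment_intent.succeeded"\n}');
const HEADER = `t=${NOW},v1=${sign(SECRET, NOW, RAW)}`;

function demo() {
  // What a handler sees if a JSON body parser ran first and the object is re-serialized.
  const reserialized = JSON.stringify(JSON.parse(RAW.toString("utf8")));
  return {
    rawBody: verify(SECRET, HEADER, RAW, 300, NOW),
    parsedThenStringified: verify(SECRET, HEADER, reserialized, 300, NOW),
    wrongSecret: verify("whsec_some_other_endpoint", HEADER, RAW, 300, NOW),
  };
}
console.log(demo());
```

Both failure modes produce the same "no matching signature" result, which is why the error message alone does not tell you whether the secret or the body handling is at fault.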

@gregorymark Did you manage to resolve your issue? And if so, was it due to any of the two cases mentioned above?

olivermrbl avatar Jul 04 '22 08:07 olivermrbl

Hi there. We highly appreciate you filing an issue and showing an interest in improving Medusa.

I apologize for the delayed response.

Moving forward, we aim to do better. But we would like to start fresh. Therefore, we are considering all older issues as stale and closing them, even though they might still be relevant.

Please don’t hesitate to re-open the issue (or create a new one) if you still need a resolution or an answer.

Thanks ❤️

olivermrbl avatar Dec 06 '23 08:12 olivermrbl