hygraph / hygraph-commerce-starter

https://commerce.withheadlesscms.com
MIT License

Payment Stripe Error #34

Open talmax1124 opened 2 years ago

talmax1124 commented 2 years ago

Once I set the payment, it shows this error:

Error: not allowed: {"response":{"errors":[{"message":"not allowed","extensions":{"code":"403","path":["orders"]}}],"data":{"orders":[]},"status":200},"request":{"query":"\n query OrderSessionIdQuery($id: String!) {\n orders(first: 1, stage: DRAFT, where: { stripeCheckoutId: $id }) {\n id\n orderItems {\n id\n product {\n images {\n id\n height\n url\n width\n }\n name\n }\n quantity\n total\n }\n total\n }\n }\n","variables":{"id":"cs_test_a1YNicvic2rA6IXuYzYBcSqcdZDT54w5XErQUolix5LSuLDeOrkO09FFq9"}}}


I am thinking it is because I didn't set up the Stripe webhook. I don't know how to do that.

DanielAtCosmicDNA commented 2 years ago

If the order creation mentioned at https://github.com/hygraph/hygraph-commerce-starter/blob/a75467e563d9d43f880a02ebc16177d0fa956403/pages/api/stripe/webhook.js#L18 failed for any reason, querying the order with the resulting id from the Stripe API will not find a match in the Hygraph database, therefore triggering the runtime error you mentioned.

I experienced exactly the same problem that seems to be associated with the version of the Stripe API because triggering the event checkout.session.completed results in the following error:

Failed to trigger event: checkout.session.completed. Trigger failed: Request failed, status=400, body={
  "error": {
    "message": "You cannot use `line_items.amount`, `line_items.currency`, `line_items.name`, `line_items.description`, or `line_items.images` in this API version. Please use `line_items.price` or `line_items.price_data`.",
    "type": "invalid_request_error"
  }
}

And looking at the Release Notes of the most recent Stripe API version, I noticed that:

The following parameters have been removed from create Checkout Session: line_items[amount], line_items[currency], line_items[name], line_items[description], line_items[images]

This seems to indicate that the API version being used by the webhook needs to be downgraded to the previous version where this functionality might resume working.

DanielAtCosmicDNA commented 2 years ago

Updating the dependencies @stripe/stripe-js to 1.35.0, stripe to 10.0.0 in the package.json file and the Stripe CLI to 1.10.4, I was able to fix the order creation by using customer_details instead of customer in the file create-order.js.

The resulting code:

async function createOrder({ sessionId }) {
  const {
    customer_details,
    line_items,
    ...session
  } = await stripe.checkout.sessions.retrieve(sessionId, {
    expand: ['line_items.data.price.product', 'customer_details']
  })

  return await hygraphMutationClient.request(createOrderMutation, {
    order: {
      email: customer_details.email,
      total: session.amount_total,
      stripeCheckoutId: session.id,
      orderItems: {
        create: line_items.data.map((item) => ({
          quantity: item.quantity,
          total: item.amount_total,
          product: {
            connect: {
              id: item.price.product.metadata.productId
            }
          }
        }))
      }
    }
  })
}

Although the order creation in the Hygraph database was fixed, the request from the line https://github.com/hygraph/hygraph-commerce-starter/blob/04d8013a5aa30e979eabadc72fbef352973044db/lib/get-order-session-id.js#L29 called by https://github.com/hygraph/hygraph-commerce-starter/blob/04d8013a5aa30e979eabadc72fbef352973044db/pages/success.js#L13 fails with the error you mentioned.

If the same request is done directly within the Hygraph playground, the GraphQL request succeeds though.

DanielAtCosmicDNA commented 2 years ago

I found out that this problem was being triggered because I was using a Hygraph Permanent Auth Token without authorization to read from the API. After setting up the environment variable with the correct public NEXT_PUBLIC_GRAPHCMS_TOKEN, it is now working properly.
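
An added example, not part of the thread or the starter's code: the error in the first comment shows Hygraph answering HTTP 200 with a 403 code inside `errors`, which is a permission failure and not a missing order. The helper names (`classifyOrderLookup`, `diagnose`) and the sample objects are constructed for illustration, and the code assumes the GraphQL client puts the response body on the thrown error's `response` property, as the quoted error text shows.

```javascript
// Classify the order lookup from the GraphQL response body. The HTTP status is
// 200 even when access is denied, so the decision has to come from `errors`.
function classifyOrderLookup(body) {
  const errors = Array.isArray(body && body.errors) ? body.errors : [];
  const denied = errors.find(
    (e) => e.extensions && String(e.extensions.code) === '403'
  );
  if (denied) {
    return {
      outcome: 'forbidden',
      path: (denied.path || denied.extensions.path || []).join('.'),
      hint: 'token lacks read permission for this model or stage',
    };
  }
  if (errors.length > 0) {
    return { outcome: 'graphql_error', hint: errors.map((e) => e.message).join('; ') };
  }
  const orders = (body && body.data && body.data.orders) || [];
  if (orders.length === 0) {
    // No error and no rows: the webhook never stored an order for this session.
    return { outcome: 'not_found', hint: 'no order with this stripeCheckoutId' };
  }
  return { outcome: 'found', order: orders[0] };
}

// Accepts either the data returned on success or the error thrown on failure
// (assumption: the thrown error carries the body on `.response`).
function diagnose(resultOrError) {
  if (resultOrError && resultOrError.response) {
    return classifyOrderLookup(resultOrError.response);
  }
  return classifyOrderLookup({ data: resultOrError });
}

// Constructed samples. The first mirrors the error shape quoted in the thread.
const deniedError = {
  response: {
    errors: [{ message: 'not allowed', extensions: { code: '403', path: ['orders'] } }],
    data: { orders: [] },
    status: 200,
  },
};
const missing = { orders: [] };
const found = { orders: [{ id: 'order_placeholder', total: 1999 }] };

for (const sample of [deniedError, missing, found]) {
  console.log(diagnose(sample).outcome);
}
```

Because Next.js inlines `NEXT_PUBLIC_`-prefixed variables into the browser bundle, the token granted read access here should be scoped to only the models and stages the storefront needs.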