Completed 401 Unauthorized

[camperoo]

I created a basic Rails app with stripe_event to test out the integration. I followed the steps in the instructions and deployed my app to Heroku, but I get a 401 error when I trigger a Webhooks test from Stripe. Here is what is in the logs

2012-09-29T01:42:58+00:00 app[web.1]:   Parameters: {"type"=>"plan.created", "livemode"=>false, "object"=>"event", "created"=>1326853478, "id"=>"evt_00000000000000", "data"=>{"object"=>{"interval"=>"month", "amount"=>2999, "livemode"=>false, "currency"=>"usd", "object"=>"plan", "name"=>"Month to Month", "interval_count"=>1, "trial_period_days"=>3, "id"=>"monthtomonth_00000000000000"}}, "webhook"=>{"type"=>"plan.created", "livemode"=>false, "object"=>"event", "created"=>1326853478, "id"=>"evt_00000000000000", "data"=>{"object"=>{"interval"=>"month", "amount"=>2999, "livemode"=>false, "currency"=>"usd", "object"=>"plan", "name"=>"Month to Month", "interval_count"=>1, "trial_period_days"=>3, "id"=>"monthtomonth_00000000000000"}}}}
2012-09-29T01:42:58+00:00 app[web.1]: 
2012-09-29T01:42:58+00:00 app[web.1]: 
2012-09-29T01:42:58+00:00 app[web.1]: Started POST "/event-from-stripe" for 50.18.4.244 at 2012-09-29 01:42:58 +0000
2012-09-29T01:42:58+00:00 app[web.1]: Processing by StripeEvent::WebhookController#event as XML
2012-09-29T01:42:59+00:00 app[web.1]: Completed 401 Unauthorized in 545ms (ActiveRecord: 0.0ms)
2012-09-29T01:42:59+00:00 heroku[router]: POST myapp.herokuapp.com/event-from-stripe dyno=web.1 queue=0 wait=0ms service=638ms status=401 bytes=1

I set the STRIPE_API_KEY config in Heroku using:

heroku config:add STRIPE_API_KEY=[my secret API key for test mode]

I double checked the end point, and I printed the Stripe.api_key when I start to application to make sure it is set properly.

It seems strange that the log says it is processing the event as XML, even though it is receiving JSON.

Any ideas on what is going on here?

Thanks in advance!

-javid

[invisiblefunnel]

The "Test Webhook" button sends a fake event ("id"=>"evt_00000000000000") so it can't be retrieved from Stripe. Try triggering an event by using the dashboard to create a payment, etc. I will make a note about this on the readme. Thank you for posting.

[camperoo]

Ah, that makes sense. Thanks for the quick response! Perhaps stripe_event shouldn't throw a 401 in this case, because the authentication isn't the problem, the problem is the fact that the id doesn't exist.

[invisiblefunnel]

Apologies for the slow reply. What do you think would be the best way to handle it? I've been thinking of a missing event as a failure to authenticate, based on a discussion on the Stripe support forum. Is there a more appropriate http status to return?

[sdbondi]

For what it's worth, this allows you to test with stripe test webhooks:

 StripeEvent.event_retriever = lambda do |params|
    if params[:livemode]
        ::Stripe::Event.retrieve(params[:id])
    elsif Rails.env.development?
        # This will return an event as is from the request (security concern in production)
    ::Stripe::Event.construct_from(params.deep_symbolize_keys)
    else
        nil
    end
end

[pas256]

@sdbondi Thank you! (I love the internet)

[rsiddle]

@sdbondi This is a great tip! Spent a while trying to figure this one out.