| Fulfill orders with Checkout | 您所在的位置:网站首页 › checkoutcheckout › Fulfill orders with Checkout |
|
In this section, you’ll create a small event handler so Stripe can send you a checkout.session.completed event when a customer completes checkout. First, create a new route for your event handler. Start by printing out the event you receive. You’ll verify that delivery is working in the next step: # Set your secret key. Remember to switch to your live secret key in production. # See your keys here: https://dashboard.stripe.com/apikeys Stripe.api_key = 'sk_test_Ou1w6LVt3zmVipDVJsvMeQsc' require 'sinatra' post '/webhook' do payload = request.body.read # For now, you only need to print out the webhook payload so you can see # the structure. puts payload.inspect status 200 endTestingRun your server (for example, on localhost:4242). Next, set up Stripe CLI to forward events to your local server, so you can test your event handler locally: Command Linestripe listen --forward-to localhost:4242/webhook Ready! Your webhook signing secret is 'whsec_' (^C to quit)Next, go through Checkout as a customer: Click your checkout button (you probably set this up in the Accept a payment guide)Fill out your payment form with test dataEnter 4242 4242 4242 4242 as the card numberEnter any future date for card expiryEnter any 3-digit number for CVVEnter any billing postal code (90210)Click the Pay buttonYou should see: A checkout.session.completed in the stripe listen outputA print statement from your server’s event logs with the checkout.session.completed eventNow that you’ve verified event delivery, you can add a bit of security to make sure that events are only coming from Stripe. Verify events came from StripeAnyone can POST data to your event handler. Before processing an event, always verify that it came from Stripe before trusting it. The official Stripe library has built-in support for verifying webhook events, which you’ll update your event handler with: # Set your secret key. Remember to switch to your live secret key in production. # See your keys here: https://dashboard.stripe.com/apikeys Stripe.api_key = 'sk_test_Ou1w6LVt3zmVipDVJsvMeQsc' require 'sinatra' # You can find your endpoint's secret in the output of the `stripe listen` # command you ran earlier endpoint_secret = 'whsec_...' post '/webhook' do event = nil # Verify webhook signature and extract the event # See https://stripe.com/docs/webhooks#verify-events for more information. begin sig_header = request.env['HTTP_STRIPE_SIGNATURE'] payload = request.body.read event = Stripe::Webhook.construct_event(payload, sig_header, endpoint_secret) rescue JSON::ParserError => e # Invalid payload return status 400 rescue Stripe::SignatureVerificationError => e # Invalid signature return status 400 end # Print out the event so you can look at it puts event.inspect status 200 endTestingGo through the testing flow from the previous step. You should still see the checkout.session.completed event being printed out successfully. Next, try hitting the endpoint with an unsigned request: Command Linecurl -X POST \ -H "Content-Type: application/json" \ --data '{ "fake": "unsigned request" }' \ -is http://localhost:4242/webhook HTTP/1.1 400 Bad Request ... more headersYou should get a 400 Bad Request error, because you tried to send an unsigned request to your endpoint. Now that the basics of the event handler are set up, you can move on to fulfilling the order. |
| CopyRight 2018-2019 实验室设备网 版权所有 |