Fixed: Urgent: I need to make delivery today and I am stuck with the payments API webhooks

Fixed the issue by sending user_id in payment note. :sweat_smile:

I have integrated checkout API in my laravel app and now i am trying to utilize webhook → payment.updated so then i can update the subscripton status of the user who made payment but i cannot access the Auth::user() i.e. the authenticated user on my app.

I have also verified the signature key for the webhook subscriptions.

class SquareWebhookAuthentication
private const NOTIFICATION_URL = ‘https://********/payment-plan-webhook’; // Replace with your actual webhook URL
private const SIGNATURE_KEY = ‘*************’; // Replace with your actual signature key

 * Handle an incoming request.
 * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
public function handle($request, Closure $next)
    $receivedSignature = $request->header('x-square-hmacsha256-signature');
    $body = $request->getContent();

    // Log::info("user id = ".config('user_id'));

    // Perform your authentication logic here
    if (!$this->isFromSquare($receivedSignature, $body)) {
        return response('Unauthorized', 401);
    } else {
        // if(\Auth::check()) {
        //     Log::info("Check = ".\Auth::user());
        // } else {
        //     Log::info("User = ".\Auth::user());
        // }

    return $next($request);

private function isFromSquare($signature, $body)
    $hash = hash_hmac('sha256', self::NOTIFICATION_URL.$body, self::SIGNATURE_KEY, true);
    $expectedSignature = base64_encode($hash);
    return $signature === $expectedSignature;

I have tried almost everything. I think the problem is with presistent sessions or with the sanctum authentication.

I have also excluded the webhook route from my CSRFToken verification.

class VerifyCsrfToken extends Middleware
* The URIs that should be excluded from CSRF verification.
* @var array<int, string>
protected $except = [

This is the error I get in my log.

[2023-07-05 09:50:55] local.ERROR: Attempt to assign property “subscription_status” on null {“exception”:"[object] (Error(code: 0): Attempt to assign property "subscription_status" on null at /home/c2cdox/public_html/app/Http/Controllers/PaymentController.php:43)

Were you able to fix this by sending the user_id in the payment note? If not what’s your application ID? :slightly_smiling_face:

sending user id in payment note only helps in sandbox envirenoment not production. But I made a way out for this. now thw problem is that i am recieving 2 webhook requests instead of one for my payment.updated webhook. i need to know why this is happening.

Application ID: sq0idp-8Xr9NugYJu1nlJP9PYQ_rg

Multiple payment.updated events isn’t unexpected. There are things like fees and customers added to payments asynchronously that trigger events. :slight_smile:

Is there any solution to only get the request for when the payment is made. I need to keep the records for the payments for my customers.

Yeah, you can listen to payment.created events which will trigger when a payment is made instead of getting multiple payment.updated events. :slight_smile:

But doesn’t the checkout link only triggers the payment.updated event?

thanks alot, Bryan. everything working now.