WEBVTT 00:00.440 --> 00:02.870 So our next task is to tie everything together. 00:02.870 --> 00:07.220 And that means stripe notifying our back end API. 00:07.250 --> 00:13.310 Once a payment has been received, and then we can match that to the order and confirm the payment has 00:13.310 --> 00:14.690 been received as well. 00:14.690 --> 00:18.440 So let's head back to VS code to configure this. 00:18.440 --> 00:20.630 And I'll close all the current tabs down. 00:20.630 --> 00:25.850 And we'll open up our payments controller to do this. 00:26.000 --> 00:30.110 And inside here we're going to create another endpoint. 00:30.440 --> 00:33.140 And it's going to be an HTTP post. 00:33.680 --> 00:36.140 And we'll call it just simply web hook. 00:36.170 --> 00:39.110 This is what stripe will use to call our API. 00:39.110 --> 00:42.170 So we'll use public async task. 00:42.560 --> 00:49.310 And all we need to do to confirm with stripe that we've received their webhook and processed. 00:49.310 --> 00:51.920 It is just to return an okay response. 00:51.920 --> 00:59.270 So we'll just use an I action result for this particular endpoint and we'll call it Stripe Webhook. 01:01.250 --> 01:05.490 And inside here the way that stripe is going to send this request. 01:05.520 --> 01:08.520 We need to access the request body. 01:09.300 --> 01:12.540 And to do that we're going to need to use a stream reader. 01:12.540 --> 01:14.190 So we'll use var JSON. 01:15.480 --> 01:21.660 As we'll need to format this request into something that we can use inside our controller. 01:21.900 --> 01:25.950 And we'll use Await new stream Reader. 01:26.700 --> 01:29.580 And we'll pass in the request dot body. 01:30.420 --> 01:36.780 And then we'll use the read to end async so that we're effectively reading that request body. 01:36.810 --> 01:40.200 And then we'll add a try catch block. 01:41.100 --> 01:47.790 And inside here we'll say var stripe events equals. 01:47.790 --> 01:52.500 And we'll create a method to construct the stripe event. 01:52.500 --> 01:54.780 And we'll pass in the JSON here. 01:54.780 --> 01:57.780 And we'll put our cursor inside this method. 01:58.110 --> 02:00.210 And we'll generate this method. 02:00.210 --> 02:08.310 And inside here we will return effectively an event which we get from stripe. 02:08.670 --> 02:12.240 so please ensure you bring stripe in as well at the top. 02:12.240 --> 02:15.030 So we've got access to this functionality. 02:16.020 --> 02:24.450 So inside this construct stripe event we'll also do this inside a try catch block as well. 02:24.450 --> 02:28.470 And we will use or we will return from this method. 02:28.920 --> 02:35.010 We will return event's utility again something we use from stripe. 02:35.010 --> 02:36.960 And we'll construct the events. 02:36.960 --> 02:40.710 And we'll pass in JSON as a second parameter. 02:40.710 --> 02:44.490 Here we need to pass a stripe signature header. 02:44.490 --> 02:52.380 And this is what we use to ensure our API can trust the request that is coming in from stripe. 02:52.380 --> 02:55.110 So we're going to look for a request header. 02:55.320 --> 02:58.530 And we'll specify request dot headers. 02:58.620 --> 03:05.040 And inside here we're going to specify stripe dash signature. 03:05.070 --> 03:06.990 That's what we're going to look for. 03:07.020 --> 03:13.510 And then to the right of the square brackets we're going to read from our configuration to get what 03:13.540 --> 03:15.460 this value needs to match. 03:15.460 --> 03:18.100 So we're going to need access to our configuration inside here. 03:18.100 --> 03:19.480 Let's just bring this down. 03:19.480 --> 03:23.560 And I'm going to add on to this the AI configuration. 03:24.130 --> 03:24.940 Ay ay ay ay ay ay ay ay ay ay ay ay ay ay ay ay ay ay ay ay ay ay ay ay ay ay ay. 03:25.330 --> 03:27.100 And call it config. 03:27.580 --> 03:29.920 And back down in our code. 03:30.430 --> 03:34.120 Let's move this down onto the next line. 03:34.300 --> 03:38.050 And we're going to compare this to the config. 03:38.290 --> 03:44.680 And we're going to look for stripe settings colon w h secret. 03:44.680 --> 03:47.890 And this is another secret that we need to get from our stripe dashboard. 03:47.890 --> 03:50.800 We don't have it yet but we will do soon. 03:51.640 --> 03:57.760 And in the catch block let's just remove system and say exception x. 03:57.760 --> 04:03.610 And we'll also bring our logger into this actually so we can output what this is into our console. 04:03.610 --> 04:05.620 So I'll specify the ilogger. 04:06.010 --> 04:10.690 And this is going to be logging against the payments controller. 04:10.690 --> 04:12.250 And we'll call it logger. 04:13.090 --> 04:15.130 And I'll bring that down as well. 04:15.130 --> 04:21.390 And then we'll scroll back down to our construct Stripe event method. 04:21.390 --> 04:27.420 And inside the catch block here we'll just use our new logger dot log error. 04:28.410 --> 04:30.750 And the first parameter can be the exception. 04:30.750 --> 04:36.420 And we'll just say failed to construct stripe events. 04:36.510 --> 04:46.590 And we'll throw a new stripe exception and just say invalid signature. 04:47.550 --> 04:53.850 So this is the part where we effectively confirm that we trust what is coming from stripe. 04:53.850 --> 04:59.970 Because what we're doing here is confirming that we've received payment on our back end API from stripe. 04:59.970 --> 05:05.130 So once the user has confirmed their payment, then stripe is going to send a notification to our API. 05:05.160 --> 05:09.150 And we'll use this to mark the order as payment received. 05:09.150 --> 05:13.590 And then we kick off another process that we're not covering on this course, but that would then kick 05:13.590 --> 05:20.980 off the next process to start packing the order in the warehouse and then shipping it to the customer 05:20.980 --> 05:22.420 and so on and so forth. 05:22.420 --> 05:28.360 But it's important that we trust what we get back from stripe, and using this system ensures that we 05:28.360 --> 05:29.620 can trust stripe. 05:29.620 --> 05:32.260 So back up to our stripe webhook line. 05:32.260 --> 05:35.260 And now we have the stripe events. 05:35.800 --> 05:37.630 We'll check the stripe event. 05:37.630 --> 05:51.220 So if the stripe events dot data dot object and we can use is not payment intent intents, then we can 05:51.220 --> 05:56.200 return a bad request and just say invalid. 05:58.510 --> 06:00.250 Event data. 06:00.670 --> 06:03.820 And then we can further check this. 06:03.820 --> 06:11.260 And using this approach here gives us access to the payment intent using the word intent. 06:11.650 --> 06:15.400 So we can check to see if the intent status. 06:17.440 --> 06:20.620 Is equal to succeeded. 06:21.850 --> 06:24.670 And do we get any intellisense for this? 06:24.700 --> 06:25.840 Oh, no. 06:25.870 --> 06:27.460 But that's what we're looking for here. 06:27.460 --> 06:31.900 We're looking for the word succeeded, and it doesn't look like we're going to get any compiler support 06:31.900 --> 06:32.140 here. 06:32.140 --> 06:37.360 So important to be careful with this particular spelling of this word. 06:37.390 --> 06:43.930 And if it is succeeded then we're going to await and we're going to create a method called handle payment 06:43.960 --> 06:46.150 intent succeeded. 06:47.680 --> 06:51.160 And we're going to pass in the intent to that method. 06:51.850 --> 07:00.610 Otherwise we'll add an else and we'll use await and handle payment intent failed. 07:00.610 --> 07:03.640 And we'll pass the intent through to that method. 07:03.640 --> 07:10.060 So let's put our cursor inside the first method and generate that and do the same for the second method 07:10.060 --> 07:11.170 as well. 07:11.170 --> 07:14.980 And below this we can return okay. 07:15.760 --> 07:21.130 And let's just catch the exception and populate this block of code as well. 07:21.130 --> 07:23.110 We'll use exception x again. 07:23.110 --> 07:25.900 And we'll use our logger inside here as well. 07:25.900 --> 07:38.290 In fact let's check for the 40 stripe exception first and call this x and we will use logger and log 07:38.320 --> 07:46.690 error and specify x and just say stripe webhook error. 07:48.130 --> 07:54.880 And if we do have a stripe exception then we're going to return a status code. 07:55.570 --> 08:00.610 And we're effectively going to return a 500 internal server error from this. 08:00.610 --> 08:08.710 But we need to get this from status codes, which is something that we bring in from DotNet. 08:08.710 --> 08:20.320 And we can use the status 500 internal server error and just say webhook error. 08:20.470 --> 08:22.840 And this is what we're sending back to stripe. 08:22.840 --> 08:27.700 So effectively in the stripe dashboard with the webhook system. 08:27.700 --> 08:35.150 Then we'll be able to see if the webhook did have an error and whilst we can't throw an exception to 08:35.180 --> 08:43.760 stripe, we can return a 500 error and that's what we would do in this scenario and then we'll catch 08:44.240 --> 08:46.520 any other type of exceptions below this. 08:46.520 --> 08:53.030 So we'll have another catch, and we'll use this one for just any other type of exception and say x 08:53.030 --> 08:54.350 for this as well. 08:54.890 --> 09:01.190 And I'll just copy what we're doing here and paste it in this catch block. 09:01.550 --> 09:08.000 And if it's not a stripe error then it's going to be an unexpected error. 09:08.000 --> 09:13.310 So I'll specify an unexpected error has occurred. 09:16.280 --> 09:20.330 And I'll just say unexpected error. 09:21.080 --> 09:21.500 Okay. 09:21.500 --> 09:22.790 So that's halfway there. 09:22.790 --> 09:29.120 We've still got a couple of methods to populate what we want to do if the intent fails and what we want 09:29.120 --> 09:31.430 to do if the intent succeeded. 09:31.430 --> 09:36.200 And we'll populate these two methods in part two of this lesson.