I’m slowly starting to dive into Stripe for a personal project. I set up a webhook that triggers whenever a subscription is CRUDed. In the next step of my workflow, I want to update based on the request data I receive, but it feels like my search constraints (using the request data as the base) just aren’t working.
The payload looks fine — honestly, it really feels like the search constraint just isn’t being applied properly. Concrete example: when a subscription is canceled, it triggers my webhook, I run a search on my users with the matching Stripe ID to update their status to canceled, but nothing happens (see screenshot).
I tested privacy settings, that’s not the issue. For context, without a search constraint — e.g. if I just do “search user first item” — the update to canceled works fine. I think it’s something super obvious, but I’ve already spent more than 2 hours on it, so I’m looking for a bit of objectivity here.
Note : I confirm the ID is present and i tested with a fake data using create data thing action to get the id from teh request data. I confirm the ID is created on it
Just to clarify, I’m not using any plugin or API call, I’m doing everything directly via the Stripe portal. Gracias!
Why are you setting the Stripe Customer ID in this change action if the User already has a Stripe Customer ID (you’re even using it in the search constraint)?
And how/where are you setting that in the first place?
I’m pretty the reason this is not working is because, contrary to what you might think, the User does NOT have a Stripe Customer ID when this search is being made.
Just to add some irrelevant information to your question, but which may be extremely relevant to your projects…
I see a lot of people doing this kind of action when receiving a POST from an external source, and it makes your system extremely insecure — especially if your endpoint isn’t protected (and I assume it isn’t).
Anyone could send a POST to your webhook and change a user’s status inside your system. The best practice is to receive the POST and, on your own, run a backend workflow that goes to Stripe and checks whether the information you received is actually correct. Only then, based on Stripe’s response, should you update the user’s information.
The way you’re doing it now, if your endpoint isn’t protected by some authentication mechanism, literally anyone could trigger it — and your system would just accept whatever comes in.
If the customer is created within a frontend workflow, make sure to add the customer ID to the user right away. If the customer is created outside of Bubble and you’re therefore not able to add the customer ID to the user right away, look up the user by email instead and apply the customer ID to the User from the first webhook firing.
On a separate note, since Bubble can’t authenticate webhook authenticity, best practice is to call Stripe in a separate action to retrieve the customer (or whatever other object you’re receiving through the webhook) to ensure that the data you receive through the webhook is authentic and not some sort of break-in attempt.
I have a first step where when a customer + customer is created, it updates a user (screen 1) then i have the other step where in fact as you said i can remove the IDs update which i did but still not working.
So just to make sure, just after the stripe webhook event, i have a back end workflow which makes a get request on stripe with the ID of the event, then on this backend workflow I update the user right ?
No need to set it up as a separate workflow. Just add a Retrieve call in the webhook’s workflow and grab the information from the Retrieve-action’s response instead of the Request Data.
I tried many things, still it seems the search do not get any results and i cannot understand why. I removed unnecessary steps, tried to use plugs in, but nothing is working. I removed privacy settings to check, nothing as well. I m missing something bnut im not sure to understand why … if you guys have a clue … And i tried to manually add customer stripe ID, still the workflow do not update anything. thanks for your ideas if you have !
I see you’ve mentioned privacy rules a few times, so first quick tip is to ignore privacy rules in webhook workflows. Since you’re not returning data through the API or authenticating the incoming request, there’s really no reason to apply privacy rules in the first place.
Next, in your “Search for User’“, don’t “ignore empty constraints”. If for some reason the Stripe API returns an empty response, the search will return all of your app’s users, and the “first item” could be anyone.
The only reason I can think of why the search wouldn’t return any user is that no user is associated with the customer ID in your database.
Alright, this drove me crazy for a while. It turns out there’s either a Bubble bug or a plugin conflict — hard to tell. I noticed a duplicate “Stripe Customer ID” field in my data types (without creating it myself). Even stranger, one of them is embedded in Bubble’s native data type fields, yet it doesn’t show up in the editor / app data
I spent nearly a week stuck on this, wondering why my searches returned nothing — they were pointing to this “invisible” field. Not sure if it’s Bubble or a plugin issue, but if you run into something similar, that’s where to look.
