PayPal WebHooks - Paypal-cert-url

Question

I'm having an issue with PayPal webhooks, i will receive all webhooks except for ones dealing with activating a purchase like BILLING.SUBSCRIPTION.ACTIVATED

i'm thinking it has something to do with my code here:

$signatureVerification = new VerifyWebhookSignature();
$signatureVerification->setAuthAlgo($headers['PAYPAL-AUTH-ALGO']);
$signatureVerification->setTransmissionId($headers['PAYPAL-TRANSMISSION-ID']);
//$signatureVerification->setCertUrl($headers['PAYPAL-CERT-URL']);
$signatureVerification->setWebhookId("###########"); 
$signatureVerification->setTransmissionSig($headers['PAYPAL-TRANSMISSION-SIG']);
$signatureVerification->setTransmissionTime($headers['PAYPAL-TRANSMISSION-TIME']);

I'm sure it has to do with the cert-url being commented out, but when i uncomment it, it causes a 500 error, and i can't find anything to do with it, if i call paypal their tech support has "no idea what a webhook is" so i'm sitting here scratching my head figuring out how to get payment activation notices, i receive the ones about subscriptions being canceled, or suspended etc. but activation, re-activation etc don't come through.

Edit: paypal webbhook documentation

Edit 2: Webhook Event Detail

{
"id": "##########",
"create_time": "2021-07-16T17:09:06.604Z",
"resource_type": "subscription",
"event_type": "BILLING.SUBSCRIPTION.ACTIVATED",
"summary": "Subscription activated",
"resource": {
    "quantity": "1",
    "subscriber": {
        "email_address": "#####",
        "payer_id": "#####",
        "name": {
            "given_name": "####",
            "surname": "###"
        },
        "shipping_address": {
            "name": {
                "full_name": "### ###"
            },
            "address": {
                "address_line_1": "####",
                "admin_area_2": "######",
                "admin_area_1": "##",
                "postal_code": "#####",
                "country_code": "##"
            }
        }
    },
    "create_time": "2021-07-16T15:46:02Z",
    "plan_overridden": false,
    "shipping_amount": {
        "currency_code": "USD",
        "value": "0.0"
    },
    "start_time": "2021-07-16T15:45:34Z",
    "update_time": "2021-07-16T17:08:52Z",
    "billing_info": {
        "outstanding_balance": {
            "currency_code": "USD",
            "value": "0.0"
        },
        "cycle_executions": [
            {
                "tenure_type": "REGULAR",
                "sequence": 1,
                "cycles_completed": 1,
                "cycles_remaining": 0,
                "current_pricing_scheme_version": 5,
                "total_cycles": 0
            }
        ],
        "last_payment": {
            "amount": {
                "currency_code": "USD",
                "value": "1.0"
            },
            "time": "2021-07-16T15:46:03Z"
        },
        "next_billing_time": "2021-08-16T10:00:00Z",
        "failed_payments_count": 0
    },
    "links": [
        {
            "href": "https://api.paypal.com/v1/billing/subscriptions/#####/cancel",
            "rel": "cancel",
            "method": "POST",
            "encType": "application/json"
        },
        {
            "href": "https://api.paypal.com/v1/billing/subscriptions/#####",
            "rel": "edit",
            "method": "PATCH",
            "encType": "application/json"
        },
        {
            "href": "https://api.paypal.com/v1/billing/subscriptions/######",
            "rel": "self",
            "method": "GET",
            "encType": "application/json"
        },
        {
            "href": "https://api.paypal.com/v1/billing/subscriptions/#####/suspend",
            "rel": "suspend",
            "method": "POST",
            "encType": "application/json"
        },
        {
            "href": "https://api.paypal.com/v1/billing/subscriptions/###/capture",
            "rel": "capture",
            "method": "POST",
            "encType": "application/json"
        }
    ],
    "id": "#######",
    "plan_id": "#####",
    "status": "ACTIVE",
    "status_update_time": "2021-07-16T17:08:52Z"
},
"status": "PENDING",
"transmissions": [
    {
        "webhook_url": "https://####.com/#####/agreementmade.php",
        "http_status": 500,
        "reason_phrase": "HTTP/1.1 200 Connection established",
        "response_headers": {
            "Server": "Apache",
            "content-Security-Policy": "upgrade-insecure-requests",
            "Connection": "Upgrade, close",
            "Content-Length": "0",
            "Upgrade": "h2,h2c",
            "Date": "Fri, 16 Jul 2021 18:37:56 GMT",
            "Content-Type": "text/html; charset=UTF-8"
        },
        "transmission_id": "######",
        "status": "PENDING",
        "timestamp": "2021-07-16T18:20:34Z"
    }
],
"links": [
    {
        "href": "https://api.paypal.com/v1/notifications/webhooks-events/WH-7XU19530D58819401-6WM79832N6059693G",
        "rel": "self",
        "method": "GET",
        "encType": "application/json"
    },
    {
        "href": "https://api.paypal.com/v1/notifications/webhooks-events/WH-7XU19530D58819401-6WM79832N6059693G/resend",
        "rel": "resend",
        "method": "POST",
        "encType": "application/json"
    }
],
"event_version": "1.0",
"resource_version": "2.0"
 }

Edit 3: SSL Logs

173.0.81.65 - - [16/Jul/2021:13:21:29 -0500] "POST /skivecare/agreementmade.php HTTP/1.1" 500 - "-" "PayPal/AUHR-214.0-55756836" skivecore.com 192.185.36.129
173.0.81.65 - - [16/Jul/2021:13:21:42 -0500] "POST /skivecare/agreementmade.php HTTP/1.1" 500 - "-" "PayPal/AUHR-214.0-55756836" skivecore.com 192.185.36.129
173.0.81.65 - - [16/Jul/2021:13:22:05 -0500] "POST /skivecare/agreementmade.php HTTP/1.1" 500 - "-" "PayPal/AUHR-214.0-55756836" skivecore.com 192.185.36.129
173.0.81.65 - - [16/Jul/2021:13:22:37 -0500] "POST /skivecare/agreementmade.php HTTP/1.1" 500 - "-" "PayPal/AUHR-214.0-55756836" skivecore.com 192.185.36.129
173.0.81.65 - - [16/Jul/2021:13:22:48 -0500] "POST /skivecare/agreementmade.php HTTP/1.1" 200 - "-" "PayPal/AUHD-214.0-55756836" skivecore.com 192.185.36.129
173.0.81.65 - - [16/Jul/2021:13:23:15 -0500] "POST /skivecare/agreementmade.php HTTP/1.1" 500 - "-" "PayPal/AUHR-214.0-55756836" skivecore.com 192.185.36.129
114.119.132.34 - - [16/Jul/2021:13:23:35 -0500] "GET /profile.php?id=868&area=videos HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Linux; Android 7.0;) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; PetalBot;+https://webmaster.petalsearch.com/site/petalbot)" skivecore.com 192.185.36.129
173.0.81.65 - - [16/Jul/2021:13:23:47 -0500] "POST /skivecare/agreementmade.php HTTP/1.1" 500 - "-" "PayPal/AUHR-214.0-55756836" skivecore.com 192.185.36.129
173.0.81.65 - - [16/Jul/2021:13:24:01 -0500] "POST /skivecare/agreementmade.php HTTP/1.1" 500 - "-" "PayPal/AUHR-214.0-55756836" skivecore.com 192.185.36.129
173.0.81.65 - - [16/Jul/2021:13:24:33 -0500] "POST /skivecare/agreementmade.php HTTP/1.1" 500 - "-" "PayPal/AUHR-214.0-55756836" skivecore.com 192.185.36.129
173.0.81.65 - - [16/Jul/2021:13:24:35 -0500] "POST /skivecare/agreementmade.php HTTP/1.1" 500 - "-" "PayPal/AUHR-214.0-55756836" skivecore.com 192.185.36.129
173.0.81.65 - - [16/Jul/2021:13:25:14 -0500] "POST /skivecare/agreementmade.php HTTP/1.1" 500 - "-" "PayPal/AUHR-214.0-55756836" skivecore.com 192.185.36.129
173.0.81.65 - - [16/Jul/2021:13:25:39 -0500] "POST /skivecare/agreementmade.php HTTP/1.1" 500 - "-" "PayPal/AUHR-214.0-55756836" skivecore.com 192.185.36.129
173.0.81.65 - - [16/Jul/2021:13:26:00 -0500] "POST /skivecare/agreementmade.php HTTP/1.1" 500 - "-" "PayPal/AUHR-214.0-55756836" skivecore.com 192.185.36.129
173.0.81.65 - - [16/Jul/2021:13:26:48 -0500] "POST /skivecare/agreementmade.php HTTP/1.1" 500 - "-" "PayPal/AUHR-214.0-55756836" skivecore.com 192.185.36.129
173.0.81.65 - - [16/Jul/2021:13:27:29 -0500] "POST /skivecare/agreementmade.php HTTP/1.1" 500 - "-" "PayPal/AUHR-214.0-55756836" skivecore.com 192.185.36.129
173.0.81.65 - - [16/Jul/2021:13:28:10 -0500] "POST /skivecare/agreementmade.php HTTP/1.1" 500 - "-" "PayPal/AUHR-214.0-55756836" skivecore.com 192.185.36.129
173.0.81.65 - - [16/Jul/2021:13:28:55 -0500] "POST /skivecare/agreementmade.php HTTP/1.1" 500 - "-" "PayPal/AUHR-214.0-55756836" skivecore.com 192.185.36.129
173.0.81.65 - - [16/Jul/2021:13:29:22 -0500] "POST /skivecare/agreementmade.php HTTP/1.1" 500 - "-" "PayPal/AUHR-214.0-55756836" skivecore.com 192.185.36.129
114.119.151.170 - - [16/Jul/2021:13:29:38 -0500] "GET /blog.php?id=1163 HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Linux; Android 7.0;) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; PetalBot;+https://webmaster.petalsearch.com/site/petalbot)" skivecore.com 192.185.36.129
173.0.81.65 - - [16/Jul/2021:13:30:10 -0500] "POST /skivecare/agreementmade.php HTTP/1.1" 500 - "-" "PayPal/AUHR-214.0-55756836" skivecore.com 192.185.36.129
173.0.81.65 - - [16/Jul/2021:13:31:14 -0500] "POST /skivecare/agreementmade.php HTTP/1.1" 500 - "-" "PayPal/AUHR-214.0-55756836" skivecore.com 192.185.36.129

Please add the reference to the PayPal Webhook Developer Documentation to your question. — hakre, Jul 16 '21 at 18:35
Please provoke a 500 error and then get the actual error messages from the PHP error and Webserver error logs (and also add them to your question). — hakre, Jul 16 '21 at 18:40
@hakre webhook details added with the http information in the "transmissions" area — skivecore, Jul 16 '21 at 18:49
You write you have a 500 error. Wasn't it from your script? Just looking for the actual error messages behind it ... — hakre, Jul 16 '21 at 18:51
When i load up the page its fine, the only time I see the 500 error, is when i look at the logs from paypal in webhooks under the transmissions section as to why that specific webhook wasn't sent. — skivecore, Jul 16 '21 at 18:54
find the according entry in your server logs. You need the actual error message otherwise this is stabbing in the dark. 500? -> get the logs. — hakre, Jul 16 '21 at 18:57
Your page is returning that error to PayPal when PayPal sends it the webhook, so obviously you need to debug what is causing it to error out. Add logging, or reproduce the error yourself with a mock webhook post to your listener URL. — Preston PHX, Jul 16 '21 at 19:21
That's what i'm trying to figure out, because the 500 is only being returned when .activated, .re-activated or .renewed webhooks come, so i'm not sure why .created, .cancelled or .expired can get sent, but the others can't? — skivecore, Jul 16 '21 at 19:27
@hakre so i figured it out, it was actually a error in part of my SQL code, i had a "," in the wrong place..... Small details... — skivecore, Jul 16 '21 at 19:44
@skivecore: ... yes, often that is in the details with computer systems. had lunch so could not comment earlier: the log you're posted is the access log from webserver it looks to me. I would have gone for the error log from webserver (and if PHP has an error log configuration additionally, also that one - it normally goes into the SAPI error channel so the webserver error log has it already). it has the actual error message from PHP. I could not see from the data what Preson PHX comment, but it's insightful, too. 500 is normally a sign that not. — hakre, Jul 16 '21 at 20:14
Was there some error context also with https://stackoverflow.com/q/68402339/367456 or is that more a of the webhook specification / API details business logic question? — hakre, Jul 16 '21 at 20:16
and sorry for the bumping, as seeing it now: take this comment to your heart: https://stackoverflow.com/questions/68371618/how-to-verify-paypal-subscription#comment120847323_68371618 as it's easy to make little mistakes, you don't want them when handling subscriptions, so better safe than sorry. — hakre, Jul 16 '21 at 20:31
It's no problem, just been working on this for a while so i've locked myself to my desk figuring this out lol, the question over at https://stackoverflow.com/q/68402339/367456, was just a business logic question figuring out what the differences between everything was and how to handle them. — skivecore, Jul 16 '21 at 20:44

PayPal WebHooks - Paypal-cert-url

0 Answers0