Failed to Authorize Payment

[kevinrobert3]

I keep getting error An error occurred while processing paystack.webhook_event: Error: Paystack Payment error: Failed to authorize payment: when a payment is made. On v1.3.0

At times the payment is captured and at times it's not.

[kevinrobert3]

From this one am getting, Payment is made and Paystack's webhook hits medusa fast even before cart is complete so the webhook does not find the transaction reference.

Right?

[kevinrobert3]

Can we configure the webhook to be the source of truth to somehow update everything that is needed in Medusa. It is only right as so many failures can happen on client anyway. Or what would be the implication of trying to complete a cart on client that Paystack's Webhook has already a second ago updated

[a11rew]

No that shouldn't be an issue, the webhook is designed to complete the cart without any interaction from the client, so you don't lose transactions if they don't click the complete button for example.

Could you confirm your cart's payment session data has a the paystackTxRef property before the webhook runs?

You could fetch the payment session data for the cart in image two for example by running this SQL query in your Medusa database

SELECT * FROM "public"."payment_session" WHERE cart_id='cart_01HW5MMEG5HTAWQYEWEQSH1PDB'

When status is "pending", data should look something like this

{"cartId": "cart_01HNNABX8Q8NQNEZW3JXFNJVVY", "paystackTxRef": "3ovz83vyde", "paystackTxAuthData": {"reference": "3ovz83vyde", "access_code": "ydzuueu99xzvyzk", "authorization_url": "https://checkout.paystack.com/ydzuueu99xzvyzk"}}

If it does not include this then the transaction wasn't initialized correctly, which would point to another error higher up that would help better diagnose this

[kevinrobert3]

This is the payment_sessions

So the issue is not there

[kevinrobert3]

When running locally and trying to complete the cart I get the 400 error with reference not found

Note the backend logs at that time below

Everything runs well here, except the local one

[kevinrobert3]

Now when running in a live environment.

These are the logs

52.31.139.75 - - [23/Apr/2024:15:20:21 +0000] "POST /paystack/hooks HTTP/1.1" 200 2 "-" "Paystack/2.0"

102.216.154.46 - - [23/Apr/2024:15:20:22 +0000] "OPTIONS /store/carts/cart_01HW5RM1BQEWH1QNEAV5YCS3S7/complete HTTP/1.1" 204 0 "[https://example.com/"](https://example.com/%22); "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"

Processing paystack.webhook_event which has 1 subscribers

An error occurred while processing paystack.webhook_event: Error: Paystack Payment error: Failed to authorize payment:
Error: Error from Paystack API with status code 400: Transaction reference not found
    at Paystack.<anonymous> (/app/node_modules/medusa-payment-paystack/dist/lib/paystack.js:133:35)
    at step (/app/node_modules/medusa-payment-paystack/dist/lib/paystack.js:33:23)
    at Object.throw (/app/node_modules/medusa-payment-paystack/dist/lib/paystack.js:14:53)
    at rejected (/app/node_modules/medusa-payment-paystack/dist/lib/paystack.js:6:65)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)

One or more subscribers of paystack.webhook_event failed. Retrying is not configured. Use 'attempts' option when emitting events.

Processing cart.updated which has 0 subscribers

102.216.154.46 - - [23/Apr/2024:15:20:39 +0000] "POST /store/carts/cart_01HW5RM1BQEWH1EAV5YCS3S7/complete HTTP/1.1" 200 6077 "[https://example.com/"]; "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"

44.206.229.96 - - [23/Apr/2024:15:20:39 +0000] "GET /store/orders/order_01HW5RPS0HXF5V8PWBQRBD1T4D HTTP/1.1" 200 6452 "-" "axios/0.24.0"

This is my setup, local:3000 connecting to local redis, live db ('staging-db').
And staging server connecting to live redis and live db (also 'staging-db').

Just to ensure events are not getting mixed up with.

So I do first local transaction, the results in the screenshot, i.e 400 on local browser, everything good in live server in terms of hooks.

And second transaction (All Live no local), here in this comment. Results...1. Success in browser i.e user is redirected to order complete, 2. but the error 400 happens in live server now

[a11rew]

There's a ton of information here (thank you for that), but not enough to tell what is the issue definitively from here - missing importantly the debug logs printed when the webhook event is first received.

I'm going to go out on a limb and say this is most likely happening because you have different Paystack secret keys across your local and staging envs but are using the same database. This also does not look to be a webhook specific issue - you get the same "Transaction reference not found" error when you complete the cart with the "/complete" endpoint from the frontend as you do when the plugin tries to complete the cart on a webhook event.

I'm going to walk through what happens when a payment is made and the plugin tries to authorize the payment so you can either figure it out or help us understand which part of the plugin is being problematic.

When a user clicks "Pay with Paystack" on the frontend, a payment session is initialized by Medusa. Medusa asks this pluign to initialize a payment session as well so it initializes a payment with Paystack and adds the reference for that transaction to the payment session's data (which is part of the cart).

After a user completes the payment you call the /complete endpoint. If you have webhooks configured, Paystack sends the charge.success webhook event which is handled by the plugin. The plugin when handling the webhook, and Medusa when handling a request to the /complete endpoint, do the same thing - call the user's configured CartCompletionStrategy. If you haven't overridden the default CartCompletionStrategy, after other processes are completed, this plugin is called to authorize the payment.

To authorize the payment, the plugin retrieves the cart being completed by id (this id is part of the webhook event received or received as part of the /complete endpoint call), the reference is obtained from the cart's payment session data, and then sent to Paystack's verify endpoint to confirm the transaction has been paid for.

What is happening in your case here is when the obtained reference is sent to Paystack, Paystack says it has no knowledge of a transaction with that reference on your account. You should confirm the reference received in the webhook or added to your cart's payment session data is a valid transaction on your Paystack dashboard and then confirm the secret key for that account is actually what is in your Medusa backend.

Note the reference received in the webhook event (4f65cfd2rw):

I could find the transaction with reference 4f65cfd2rw on my Paystack dashboard: