ps_checkout v8.5.0.3 – Undefined array keys (Shop-Id, Merchant-Id, Psx-Id) and webhook signature 400 error #1383
Replies: 5 comments 1 reply
-
|
Hello @jesvima-alt, From the logs you share it seems something wrong happens when ps_checkout receives a webhook from the Checkout API and attempts to verify it to make sure it is a legit webhook (and not a webhook crafted by an attacker). As yousaid it seems to be caused by missing fields in the webhook payload (Shop-Id, Merchant-Id, Psx-Id, eventStream) (if the fields are missing then the webhook is not recognized). We were doing tests yesterday for ps_checkout v8.5.0.4 and we did not have this problem while testing so the PHP code of the module seems to be OK in a standard case. Your problem could affect some of the webhooks you receive, or all of them. But in order for us to know we need to investigate your module, your shop, your instance. Please contact the Support team, please use the link so that they can proceed to further analysis. They will open a private conversation with you where you will be able to share your specific informations, something that should not be done here because this area is public. |
Beta Was this translation helpful? Give feedback.
-
|
Hello, I encountered the same error and got a 500 Internal Server Error. It seems to be caused by the Here’s an excerpt from the anonymized log for reference: PHP Warning: Undefined array key "Shop-Id" in /modules/ps_checkout/vendor/invertus/core/src/WebhookDispatcher/ValueObject/DispatchWebhookRequest.php on line 177
PHP Warning: Undefined array key "Merchant-Id" in /modules/ps_checkout/vendor/invertus/core/src/WebhookDispatcher/ValueObject/DispatchWebhookRequest.php on line 178
PHP Warning: Undefined array key "Psx-Id" in /modules/ps_checkout/vendor/invertus/core/src/WebhookDispatcher/ValueObject/DispatchWebhookRequest.php on line 179
PHP Fatal error: Uncaught Http\Client\Exception\HttpException: Bad Request in /modules/ps_checkout/vendor/invertus/api/src/Http/PsrHttpClientAdapter.php:65 |
Beta Was this translation helpful? Give feedback.
-
|
Hello, I encountered the same error and got a 500 internal Server Error, with Prestashop checkout v8.5.0.4 |
Beta Was this translation helpful? Give feedback.
-
|
Hello, I've identified the bug causing the webhook validation failures. The Bug Chain1. Headers are transformed to camelCase ( private function transformHeaders(array $headers): array
{
return [
'shopId' => $headers['Shop-Id'], // camelCase
'merchantId' => $headers['Merchant-Id'], // camelCase
'firebaseId' => $headers['Psx-Id'], // camelCase
];
}2. Controller receives transformed headers ( $headerValues = $headerValuesValidator->validate(); // Returns camelCase keys
$logger->info('Headers validated', $headerValues);
$dispatchWebhookRequest = DispatchWebhookRequest::createFromRequest($bodyValues, $headerValues);3. Request object tries to access original hyphenated keys ( public static function createFromRequest(array $bodyValues, array $headerValues): self
{
return new self(
(array) $bodyValues['resource'],
(string) $bodyValues['eventType'],
(string) $bodyValues['category'],
$bodyValues['summary'] ?? null,
$bodyValues['orderId'] ?? null,
(string) $headerValues['Shop-Id'], // ❌ Looking for 'Shop-Id'
(string) $headerValues['Merchant-Id'], // ❌ but array has 'shopId'
(string) $headerValues['Psx-Id'] // ❌ but array has 'firebaseId'
);
}The behavior varies based on server configuration (WebhookHeaderProvider.php:33-44): Apache servers with getallheaders():
Nginx/other environments without getallheaders():
After transformation: ['shopId' => 'value', 'merchantId' => 'value', ...] The Fix Change DispatchWebhookRequest::createFromRequest() to use the transformed camelCase keys: public static function createFromRequest(array $bodyValues, array $headerValues): self
{
return new self(
(array) $bodyValues['resource'],
(string) $bodyValues['eventType'],
(string) $bodyValues['category'],
$bodyValues['summary'] ?? null,
$bodyValues['orderId'] ?? null,
(string) $headerValues['shopId'], // ✅ Use camelCase
(string) $headerValues['merchantId'], // ✅ Use camelCase
(string) $headerValues['firebaseId'] // ✅ Use camelCase
);
}Affected Files
|
Beta Was this translation helpful? Give feedback.
-
|
Thank you we will convert this suggestion in a PR ;) #1396 |
Beta Was this translation helpful? Give feedback.
-
|
@louisbels We have been trying to find the root cause of this problem for a very long time 😄 thank you so much! We were looking at API, module, trying to find what was wrong or not... We'll verify what you said very quick 😉 |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Hello team,
I’m experiencing an issue with the ps_checkout module after updating to v8.5.0.3 on PrestaShop 8.2.3.
Bug description
When a payment is completed successfully, the order is created correctly and the payment is captured.
However, every time the webhook is triggered, the following warnings and a fatal error appear in the server logs:
[26-Sep-2025 21:16:23 Europe/Madrid] PHP Warning: Undefined array key "Shop-Id" in /modules/ps_checkout/vendor/invertus/core/src/WebhookDispatcher/ValueObject/DispatchWebhookRequest.php on line 177
[26-Sep-2025 21:16:23 Europe/Madrid] PHP Warning: Undefined array key "Merchant-Id" ...
[26-Sep-2025 21:16:23 Europe/Madrid] PHP Warning: Undefined array key "Psx-Id" ...
[26-Sep-2025 21:16:23 Europe/Madrid] PHP Fatal error: Uncaught GuzzleHttp\Exception\ClientException: Client error: POST https://api-live-checkout.psessentials.net/payments/shop/verify_webhook_signature resulted in a 400 Bad Request response:
{"statusCode":400,"error":"Bad Request","message":"Invalid request payload input. child "eventStream" fails because [...]"}
Actual behavior
Shop-Id,Merchant-Id,Psx-Id,eventStream).The bug does not block orders, but it floods logs with errors and indicates that webhook verification fails.
Could you please confirm if this is a known issue or if a patch is planned?
Thanks in advance!
Beta Was this translation helpful? Give feedback.
All reactions