Error message in Coinbase code Return type of ApiResource

Commerce API
1

Hi there,

I am testing webhooks, and I’m getting the following error:

Return type of CoinbaseCommerce\Resources\ApiResource::offsetGet($key) should either be compatible with ArrayObject::offsetGet(mixed $key): mixed, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice
Array
(
    [0] => Array
        (
            [file] => /home/user/vendor/coinbase/coinbase-commerce/src/Resources/ApiResource.php
            [line] => 8
            [function] => error_handler
            [args] => Array
                (
                    [0] => 8192
                    [1] => Return type of CoinbaseCommerce\Resources\ApiResource::offsetGet($key) should either be compatible with ArrayObject::offsetGet(mixed $key): mixed, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice
                    [2] => /home/user/vendor/coinbase/coinbase-commerce/src/Resources/ApiResource.php
                    [3] => 139
                )

        )

It seems like this is an error in the Coinbase code, is that correct? This is the PHP code that I am using:

require '../../vendor/autoload.php';

use CoinbaseCommerce\Webhook;
$secret = 'my secret here';
$headerName = 'X-Cc-Webhook-Signature';
$headers = getallheaders();
$signatureHeader = isset($headers[$headerName]) ? $headers[$headerName] : null;
$payload = trim(file_get_contents('php://input'));

try 
{
	$event = Webhook::buildEvent($payload, $signatureHeader, $secret);
	http_response_code(200);
	file_put_contents('test.txt',sprintf('Successully verified event with id %s and type %s.', $event->id, $event->type));
	//echo sprintf('Successully verified event with id %s and type %s.', $event->id, $event->type);
} 
catch (\Exception $exception) 
{
	http_response_code(400);
	file_put_contents('test.txt','Error occured. '.$exception->getMessage());
	//echo 'Error occured. ' . $exception->getMessage();
}

It’s the same as being shown on the github page for PHP, coinbase-commerce-php/Webhook.php at master · coinbase/coinbase-commerce-php · GitHub. If I test a charge:confirmed webhook, I get a 500 response.

Can you see why this is happening?

Kind regards,
Jay

2

My aim is to verify the signature header. I saw on the page Securing Webhooks | Coinbase Cloud the following: “Always verify the webhook signature before acting on it inside your system. All integrations on our public github page verify this already”, that’s why I was using the code on the github page.

3

Hi @Jay81! Thank you for taking an interest in trying out Coinbase APIs. For the details regarding your inquiry, please know that we will check on this for you with our team to see how we can best assist. We’ll get back to you once we have more information. Keep in touch!

4

Hi @Jay81! We understand that you are trying to verify the signature header. You can opt to use

$headerName = 'x-cc-webhook-signature';

instead of

$headerName = 'X-Cc-Webhook-Signature';

Also, unfortunately we do not actively maintain the client libraries you cited and we already have a warning in the documentation found in this section: Commerce API Client Libraries | Coinbase Cloud

5

Hi there,

Thanks, I will try that. Yes I read the warning that the client libraries on Github are not actively maintained. It is however the only reference that is stated on your page about securing webhooks Securing Webhooks | Coinbase Cloud. So for me, I could not find an alternative way.

Greets

6

Hi @Jay81! We appreciate your understanding about this, and please know that we’re always happy to help.

Please feel free to reply back to this thread should you have other concerns. Thank you and have a great day! :sunny: