<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Menno van Hattum</title>
    <description>The latest articles on DEV Community by Menno van Hattum (@menno420).</description>
    <link>https://dev.to/menno420</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F4026245%2F49422e7b-981b-4edb-9303-245ac73c5200.png</url>
      <title>DEV Community: Menno van Hattum</title>
      <link>https://dev.to/menno420</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/menno420"/>
    <language>en</language>
    <item>
      <title>Your Stripe webhook says customer_email is null — here's why (and the fix)</title>
      <dc:creator>Menno van Hattum</dc:creator>
      <pubDate>Sun, 12 Jul 2026 17:18:47 +0000</pubDate>
      <link>https://dev.to/menno420/your-stripe-webhook-says-customeremail-is-null-heres-why-and-the-fix-1bgp</link>
      <guid>https://dev.to/menno420/your-stripe-webhook-says-customeremail-is-null-heres-why-and-the-fix-1bgp</guid>
      <description>&lt;p&gt;You wired up a Stripe Checkout, added a &lt;code&gt;checkout.session.completed&lt;/code&gt; webhook, and pulled the buyer's email out of the event so you could send them their product. It worked in your head. Then a real order came in and your logs showed:&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;buyer email: None
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;

&lt;p&gt;The payment went through. The customer was charged. And your handler has no idea who to deliver to. Here's what's actually happening.&lt;/p&gt;

&lt;h2&gt;
  
  
  The symptom
&lt;/h2&gt;

&lt;p&gt;On a real &lt;code&gt;checkout.session.completed&lt;/code&gt; event, this is &lt;code&gt;null&lt;/code&gt;:&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;event.data.object.customer_email   -&amp;gt;   null
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;

&lt;p&gt;So the obvious line of code — read &lt;code&gt;customer_email&lt;/code&gt; off the session — gets nothing, and the order silently falls on the floor.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why it's null
&lt;/h2&gt;

&lt;p&gt;Stripe Checkout does &lt;strong&gt;not&lt;/strong&gt; put the buyer's email in the top-level &lt;code&gt;customer_email&lt;/code&gt; field on a normal completion. It collects the email during checkout and puts it in the customer details object instead:&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;event.data.object.customer_details.email   -&amp;gt;   "buyer@example.com"
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;

&lt;p&gt;The top-level &lt;code&gt;customer_email&lt;/code&gt; is only populated when &lt;em&gt;you&lt;/em&gt; set it yourself when creating the session (e.g. you pre-filled it from a logged-in user), or on some older/legacy integrations. So for the common case — a guest buyer typing their email into Stripe's form — &lt;code&gt;customer_email&lt;/code&gt; is &lt;code&gt;null&lt;/code&gt; and the real address is one level down.&lt;/p&gt;

&lt;h2&gt;
  
  
  The fix
&lt;/h2&gt;

&lt;p&gt;Read &lt;code&gt;customer_details.email&lt;/code&gt; first, and fall back to the top-level &lt;code&gt;customer_email&lt;/code&gt; for the pre-filled/legacy case:&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;def resolve_buyer_email(session_obj):
    details = session_obj.get("customer_details") or {}
    email = details.get("email")
    if email:
        return email
    # Fallback: populated only when you pre-set it, or on legacy integrations.
    return session_obj.get("customer_email")

# in your webhook handler:
obj = event["data"]["object"]
buyer_email = resolve_buyer_email(obj)
if not buyer_email:
    # don't 200-and-forget: log/flag so no paid order is silently lost
    ...
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;

&lt;p&gt;That's it. Once you know the field, it's a few lines — but it costs you real orders until you do.&lt;/p&gt;

&lt;h2&gt;
  
  
  One more that bites right after this one
&lt;/h2&gt;

&lt;p&gt;While you're in here: your &lt;code&gt;success_url&lt;/code&gt;. Stripe only expands one placeholder, &lt;code&gt;{CHECKOUT_SESSION_ID}&lt;/code&gt;. People reach for something like:&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;https://yoursite.com/success?email={CHECKOUT_EMAIL}
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;

&lt;p&gt;...expecting Stripe to fill in the buyer's email. It doesn't. &lt;code&gt;{CHECKOUT_EMAIL}&lt;/code&gt; is not a real placeholder, so Stripe passes it through &lt;strong&gt;literally&lt;/strong&gt; — your buyer lands on a page with a raw &lt;code&gt;{CHECKOUT_EMAIL}&lt;/code&gt; in the URL. Use &lt;code&gt;{CHECKOUT_SESSION_ID}&lt;/code&gt; and resolve the buyer server-side from the session id.&lt;/p&gt;

&lt;h2&gt;
  
  
  Test it before it costs you
&lt;/h2&gt;

&lt;p&gt;The reason these bugs survive to production is that they don't show up unless you test against the &lt;em&gt;actual shape&lt;/em&gt; Stripe sends — a payload you typed from memory won't have the null &lt;code&gt;customer_email&lt;/code&gt;, so your test passes and production doesn't.&lt;/p&gt;

&lt;p&gt;I packaged the fixtures and checks from this article into a small stdlib-only test kit: it fires real-shape, correctly-signed Stripe events at your local webhook endpoint and verifies exactly these traps (plus forged-signature and replay handling). No dependencies, no Stripe account needed to run it: &lt;strong&gt;&lt;a href="https://mennomagic01.gumroad.com/l/stripe-webhook-test-kit" rel="noopener noreferrer"&gt;Stripe Webhook Test Kit — $29&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;And if you just want the checklist: read &lt;code&gt;customer_details.email&lt;/code&gt; first, only trust &lt;code&gt;{CHECKOUT_SESSION_ID}&lt;/code&gt; in your success URL, verify signatures, enforce the timestamp tolerance.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://mennomagic01.gumroad.com/l/stripe-webhook-test-kit" rel="noopener noreferrer"&gt;https://mennomagic01.gumroad.com/l/stripe-webhook-test-kit&lt;/a&gt;&lt;/p&gt;

</description>
      <category>stripe</category>
      <category>debugging</category>
      <category>webhooks</category>
      <category>payments</category>
    </item>
  </channel>
</rss>
