Troubleshooting Expired API Key and Webhook Issues in WooCommerce Stripe Gateway

Understanding the Expired API Key and Webhook Disconnection Problem

Users of the WooCommerce Stripe Payment Gateway plugin have reported a recurring issue where their stores generate thousands of log entries and experience failed orders. The core error message often found in the logs is: platform_api_key_expired. A particularly confusing aspect of this problem is that the expired API key referenced in the error log often does not match the live key currently configured in the WooCommerce settings. Compounding the issue, the Stripe webhook endpoint in WordPress can sometimes disable itself automatically after being reconfigured, leading to a breakdown in payment processing communication.

Why This Happens

This problem frequently surfaces after users remove or disable the 'Legacy' Stripe API version from their Stripe dashboard. The 'Legacy' API version uses an older authentication method. When it is removed, any process or system still trying to use a key associated with that legacy version will fail with an expired key error, even if your current plugin settings are correct.

The rogue, expired API key appearing in logs can originate from a few places:

• Cached Data: The key might be cached by the Stripe plugin, another plugin, or your object caching system (e.g., Redis, Memcached).
• Background Processes: A pending action, subscription renewal, or pre-authorization held in the queue might be attempting to use the old key.
• Webhook Configuration: An outdated webhook in your Stripe dashboard might still be configured with the old API version, causing it to send events that the plugin cannot process with the new key, leading to errors and potential webhook deactivation.

How to Troubleshoot and Resolve the Issue

Step 1: Clear All Caches

The first and most critical step is to purge all caching layers on your site.

1. Object Caching: If you use a persistent object cache like Redis or Memcached, restart the service or flush it using your hosting control panel or a plugin like WP CLI.
2. Plugin/WordPress Cache: Clear any caching performed by your caching plugin (e.g., W3 Total Cache, WP Rocket).
3. Server-Level Cache: Clear any OPcache or other server-level caches. Your hosting provider can often assist with this.

Step 2: Re-Establish the Webhook Endpoint

Since the webhook can disable itself, you need to ensure it is set up correctly and actively listening.

1. In your WordPress admin, go to WooCommerce > Settings > Payments > Stripe.
2. Click on the Settings (or gear) icon and navigate to the Advanced Settings tab.
3. Click Re-create webhook. This will push a new, correctly configured webhook endpoint to your Stripe.com dashboard.
4. Go to your Stripe Dashboard's Webhooks section and verify that only one webhook endpoint for your site is listed and that it is active. Delete any duplicates or old endpoints pointing to your site.

Step 3: Verify API Key Permissions in Stripe

While the plugin typically uses standard API keys, it's good practice to confirm the keys have not been restricted in a way that could cause conflicts.

1. Log into your Stripe Dashboard and navigate to the API keys section.
2. Ensure the live secret key (sk_live_...) you have entered in your WooCommerce settings is active and has not expired.
3. Check that this key has the necessary permissions (e.g., read/write access) for the plugin to function. The WooCommerce Stripe Payment Gateway team suggests using the standard key generated by Stripe for full compatibility.

Step 4: Check for Legacy API Keys

Thoroughly inspect your site's database and configuration for any hard-coded or lingering references to old API keys.

1. Search your theme's functions.php file and any custom code snippets for any PHP functions that might be setting the Stripe API key manually (e.g., wc_stripe_settings filter).
2. Use a plugin like "String Locator" to search your entire database for portions of the old, expired API key that appears in your logs.

Step 5: Monitor and Test

After completing the steps above, enable debug logging in the plugin's advanced settings and place a small test order to verify that the process works correctly and that the expired key errors no longer appear in the logs.

By systematically clearing cached data, re-establishing a clean webhook connection, and verifying your API keys, you can resolve these conflicting API version errors and ensure stable payment processing on your site.