#Peter-webhook-error

Hi there

just updated with more details

Hrmm where are you seeing that error exactly?

const secretName = process.env.STRIPE_WEBHOOK_SECRET || 'whsec_a39b30aa5ba.......a7630e34b530d9d78e56b';
try { 
  const event = stripe.webhooks.constructEvent(req.body, sig, secretName);
} catch (error) {
  console.log(error)
}

I'm testing this locally first

but I was seeing the same thing in my dev environment

> Ready! You are using Stripe API Version [2020-08-27]. Your webhook signing secret is wh....b (^C to quit)

Please edit the above to remove your webhook secret

This is a public server

So anyone could grab that

ah yeah this is just the local secret

Yeah still don't want anyone attempting to access anything on your account

donbe

done

Still one more from your code snippet

done

Thanks

const sig = req.headers['stripe-signature'] as string;

So the most important thing here is that you have to have the raw request body in order to verify signatures

Are you using Express?

yeah

It might just help if you share your full webhook code here

its kinda confusing cuz we technically have two webhook events, so I have to test two secrets per event but here

router.post(
  '/stripe',
  express.raw({ type: 'application/json' }),
  async (req: Request, res: Response, next: NextFunction) => {
    try {
      const sig = req.headers['stripe-signature'] as string;
      let event;
        const stripe = await getStripeClient();
        const secretName = process.env.STRIPE_WEBHOOK_SECRETS_NAME || 'whsec_a39b30aa5b...local_key_here...0d9d78e56b';
        if (!secretName) {
          throw new Error('Stripe webhook secret key name does not exist in env variables');
        }
        const secrets = await getSecret(secretName); 
        const secretList = secrets.split(',');
        secretList.forEach((secret: string) => {
          secret = secret.trim()
          try {
            if (!event) {
              event = stripe.webhooks.constructEvent(req.body, sig, secretName);
            }
          } catch (error) { 
            console.log('could not verify stripe event with secret', secret);
          }
        });
      // }
      if (!event) {
        console.log('Stripe event could not be verified, returning');
        return;
      }
      const eventData = event.data.object;

      ... do switch

basically, we have two stripe listeners for each environment, so I my secret variable contains both keys separate by a comma

so this line:
const secrets = await getSecret(secretName);
returns a value like this:

secrets = "dsfglkjdsfgdsfg, sdfgodsfgsdfg"

which is why it iterates over each value in the split

I previously printed the error inside the try/catch which is how I got that error message

Thanks looking

Can you hardcode your secret in there and comment out all of the getSecret stuff

And let me know if you hit the same error?

ok on sec

different error

error: StripeSignatureVerificationError: No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe? https://github.com/stripe/stripe-node#webhook-signing

oh let me try this part

I'm seeing this in the docs. didnt see it in the other doc

const header = stripe.webhooks.generateTestHeaderString({
  payload: payloadString,
  secret,
});

wait this is just for testing nvm

Okay yeah so that error is more what I expect, which has to do with not having the raw body

ah wait

wait wait

let me check something

hm nvm

ahh shit

one of express helper functions app.use(...) was causing an issue

now it's working

sorry! totally my fault

thanks for your help