gorbypark-webhook-secret | Stripe Developers | Page 1

heady depot Sep 2, 2022, 8:59 PM

#

Hello! Starting up a thread for you

#

Yes, that's where you'd look for the signing secret.

proper phoenix Sep 2, 2022, 9:00 PM

#

great, thanks. So I have something like this, ```js
const endpointSecret = 'whsec_redacted_redacted_redacted';
let event;
...

try {
event = stripe.webhooks.constructEvent(body, sig, endpointSecret);
} catch (err) {
console.log('wrong secret!!');
return new Response(JSON.stringify(err), {
status: 400,
headers: {'Content-Type': 'application/json'},
});
}

but still getting the catch returned

heady depot Sep 2, 2022, 9:01 PM

#

This is in node, right? With node it's really easy to accidentally not use the raw request, which is really important for signature verification

#

What do you get when you log body?

proper phoenix Sep 2, 2022, 9:02 PM

#

it's deno

#

i've logged the sig (header) but not the body, one sec

#

it appears the body is normal, ```
{
id: "evt_3Ldh1LIcQ9TvRlVs2fwndTrk",
object: "event",
api_version: "2020-08-27",
created: 1662152618,
data: {
object: {
id: "ch_3Ldh1LIcQ9TvRlVs2eUal5rj",
object: "charge",
amount: 1099,
...

heady depot Sep 2, 2022, 9:05 PM

#

I think this is probably relevant -https://github.com/stripe-samples/stripe-node-deno-samples/blob/main/webhook-signing/main.js.
It looks like with deno you need to use a different CryptoProvider

proper phoenix Sep 2, 2022, 9:06 PM

#

aha, i'll give that a go

#

hrm doesn't seem to do anything. i found another issue (i was using req.json() and the code you posted said req.text() is needed), but that didn't work either...

#

i might just wholesale copy that code and see if it works 😛

#

ok well that seemed to work...not sure what i was doing wrong, i'll scour my code to see what's up

#gorbypark-webhook-secret