#bkrnetic

I would start by using the example implementation at https://github.com/stripe/stripe-node/tree/master/examples/webhook-signing , since the usual problem here is that Node web frameworks make it very hard to get the original raw HTTP POST body without parsing it from JSON into an object first, which causes the signature to not match.

Hmm, I've followed these steps and I got no luck fixing the issue.

can you clarify the exact error message you're getting?

also, when you add some logging, what are the values you're passing to constructEvent, are any of them null?
can you share the evt_xxx ID evt_xxx of the event where you're getting the error?

your value wh_2425tsg seems wrong to me also, that looks like the ID of a webhook. What you want is the 'signing secret', which looks like whsec_xxxx

Ok, I will do it, sec

You were right, I had the webhook ID instead of secret. I've changed it and this is the same error I'm getting:

"message": "//github.com/stripe/stripe-node#webhook-signing"

This is the data of the request:

Header: t=1662389366,v1=63b3e2444dfd5ea79d0c68b6dca9539ec3a8a54b3b74204c70558b37eca877ea,v0=b2f45d7786bf0dcdb4728e4a07081620e3cddcb7bc7d9be9349d7d43270b0d32

Webhook secret: whsec_jS0Fg9kJfIXwLPwlcIkdQo3hRlkXWkRj

If you expand my file you can see the request body data (it's an event object)

automatic_tax: [Object],

that means it's being parsed into an object already and is not the raw JSON

so you need to use an approach like the one in the example repo I posted to use things like bodyParser's raw mode to get the raw POST body from the request and not the parsed version

on https://github.com/stripe/stripe-node/issues/341 there's a lot of discussion and examples for various frameworks on how to do this

Okey, thanks a lot. I will look into them

feel free to share your exact full code for the endpoint too if that would help

I might, but let me first try to fix the issue, I need to try few things now

thanks!

Should such raw json be ok as a raw request body?

yep that looks correct

Instead of the approach of many, I've used JSON.stringify(request.body) method which is much cleaner.

Still I'm getting the same error.

This is the part of code that handle event creation

This is the header:
t=1662391012,v1=25a4f0f6b569aacb3b2b5477ead59584fd55cf05ae04f6a46e78327a1075de5b,v0=d3d36b1a407b2d79fa2575cda63715a0b5f6eecc7f02fb5087b0ffaf2d3ae286

This is whsec: whsec_jS0Fg9kJfIXwLPwlcIkdQo3hRlkXWkRj

JSON.stringify(request.body) method which is much cleaner
that won't work though

since it it will e.g. change the order of the keys on the JSON and change the whitespace. Stringifying the raw JSON we post will not give you the same JSON, so the signature computed is not the same since it's not computed against the same thing

the only option is to get the exact raw HTTP POST body from the incoming request, that's the only option that will work

ok, thx! I'm working through the exmaples you've provided before.

Finally done it. Thanks a lot..

great! so it's working now?

Yes it does. I've replaced app.use(bodyParses.json(); with conditionally parser:

app.use(bodyParser.json({
        // Because Stripe needs the raw body, we compute it but only when hitting the Stripe webhook URL.
        verify: (req: Request, res, buf) => {
            const url = req.originalUrl;
            if (url.startsWith('/webhooks/payment')) {
                req["rawBody"] = buf.toString()
            }
        }}));

and then I accessed it like this:

//@ts-ignore
request.rawBody, //This is manually set in app.ts

awesome, thanks for following up!