#gyan-webhook
regal flicker
hello! 403 response status code indicates that the server understands the request but refuses to authorize it : https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/403.
Are you implementing any authorization on your route?
uncut remnant
I don't have any authentication on that particular endpoint. /ach-payment-webhook
Also, regarding the Webhook signing secret, i see that the signing secret shown in the stripe console is different from the one that shows in my terminal, where i am setting the proxy for the events.
dawn sapphire
👋 stepping in here
the 403 is returned by your server (probably because of Webhook signing secret as you observed), but you should be able to look at your server log to identify what exact line is causing it
uncut remnant
I don't see any server logs related to this, because the route is not getting called at all.
okay looks like some modifications helped. Now am seeing 400 bad request
⚠️ Webhook signature verification failed. No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe? https://github.com/stripe/stripe-node#webhook-signing
dawn sapphire
Okie, yes because the forwarding command will create a new webhook for you and it has a different signing secret
uncut remnant
Should i use the signing secret shown in the webhook stripe console>
uncut remnant
why do i see 2 different signing secret? this one in terminal is different from console.
dawn sapphire
It's because of the forwarding command. It automatically creates a new webhook, so it comes with a new webhook signing secret
"Local listeners"
uncut remnant
okay, so which one should i use in my code?
dawn sapphire
If you are using forwarding -> use the one from the forwarding command
If you are not using forwarding and serve you server online -> use the one in the Dashboard of its URL
uncut remnant
got it
am still getting the same error.
⚠️ Webhook signature verification failed. No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe? https://github.com/stripe/stripe-node#webhook-signing
this is my code segment:
const createStripePaymentWebHook = async (req, res) => {
// Replace this endpoint secret with our endpoint's unique secret
const endpointSecret =
"whsec_8bba45ea7f456e6cf97218c6eee14fe466c4496e889f6a878f8b260c5c8433e8";
let event = req.body;
console.log("The event from webhook: ", event);
if (endpointSecret) {
// Get the signature sent by Stripe
const signature = req.headers["stripe-signature"];
try {
event = stripe.webhooks.constructEvent(
req.body,
signature,
endpointSecret
);
} catch (err) {
console.log(⚠️ Webhook signature verification failed., err.message);
return res.sendStatus(400).end(err.message);
}
}
dawn sapphire
ok that's weird. Did you take this code from a Doc?
uncut remnant
yes from strip doc
dawn sapphire
Did you copied it or downloaded it from here? https://stripe.com/docs/webhooks/quickstart?lang=node
uncut remnant
copied
dawn sapphire
I know it sounds silly but can you try download it and replace with the secret? I want to make sure request.body work correctly without any framework
dawn sapphire
I am stepping out for the day. If you have follow up questions please ask in the channel!