#mhassaan

Hi there!

hi

This error usually comes from two potential mistakes:

• You are providing the wrong endpoint secret. So can you double check you are using the correct one? It can be found in the dashboard when looking at the webhook endpoint

• You need to ensure that you get the raw body of the HTTP request that Stripe sent you, without any interference by your code or framework in the middle.

I once used webhook ID instead of signing secret.. Just in case you mixed it up accidentally as I did 😄

Strange i have verified both of the things you mentioned but still no luck

Can you share your webhook endpoint (we_xxx)? And when you log the payload, do you get a JSON object or a string?

sure let me log the new ones

If you are using Node.js and you use bodyParser to receive payload in JSON format, make sure to add something like this to get raw body:

app.use(bodyParser.json({
        // Because Stripe needs the raw body, we compute it but only when hitting the Stripe webhook URL.
        verify: (req: Request, res, buf) => {
            const url = req.originalUrl;
            if (url.startsWith('/webhooks/payment')) {
                req["rawBody"] = buf.toString()
            }
        }}));

then when constructing event, you access raw body with request.rawBody

I've struggled with this a week ago so I thought it might be useful to jump in. Good luck!

i am using ruby-client

Here is my payload which actually is a JSON object

{
    "id": "evt_1LiGxjDQO0BkfsaCXNdxBcCV",
    "object": "event",
    "api_version": "2022-08-01",
    "created": 1663244075,
    "data": {
      "object": {
        "id": "cs_test_a1bXijDFsXPWcv8h4hG3qgRL3LZh8GZHyadA4qsBlcueH0MNsP16eOsMbA",
        "object": "checkout.session",
        "mode": "payment",
        "payment_intent": "pi_3LiGxgDQO0BkfsaC0goJhVTz",
        "payment_link": "plink_1Li3GqDQO0BkfsaClmqopZSN",
        "payment_method_collection": "always",
        "payment_method_options": {
          "card": {
            "installments": {
              "enabled": false,
            },
          },
        },
        "payment_method_types": [
          "card",
        ],
        "payment_status": "paid",
        "phone_number_collection": {
          "enabled": false,
        },
        "url": null,
      },
    },
    "livemode": false,
    "pending_webhooks": 1,
    "request": {
      "id": null,
      "idempotency_key": null,
    },
    "type": "checkout.session.completed",
  }

here is Webhook id: we_1Li6luKHaskwjjyZ72CeUVvv

Here is my payload which actually is a JSON object
If it's in JSON format, then it's not the RAW body (it should be a plain string).

Thats how i am passing the payload

webhook_secret = ENV["webhook_secret"]
    payload = request.body.read
    if !webhook_secret.empty?
      # Retrieve the event by verifying the signature using the raw body and secret if webhook signing is configured.
      sig_header = request.env["HTTP_STRIPE_SIGNATURE"]
      event = nil
      begin
        event = Stripe::Webhook.construct_event(
          payload, sig_header, webhook_secret
        )
      rescue JSON::ParserError => e
        # Invalid payload
        status 400
        return
      rescue Stripe::SignatureVerificationError => e
        # Invalid signature
        puts "⚠️  Webhook signature verification failed. #{e.message}"
        status 400
        return
      end
    else
      data = JSON.parse(payload, symbolize_names: true)
      event = Stripe::Event.construct_from(data)
    end
case event.type
.....

i have no idea what am i missing 😦

aah ok so i need toa pass raw body

here is Webhook id: we_1Li6luKHaskwjjyZ72CeUVvv
Can you confirm that your webhook_secret looks something like this: whsec_xxx and ends with hQ?

yeah exactly

Got it. Then yes it looks like the issue is that you are not passing the raw body.

so instead of passing request.body.read i should use request.raw_post ?

I'm not really familar with Ruby, so I'm not sure. Can you try it?