#ioidevs

Hi there, can you double check if you are using the live mode webhook secret (not test-mode) ?

Hi, I'm using test webhook secret, because we didn't go live yet. Test secret worked with deploying backend locally and exposing my app with LocalTunnel. Is there a difference when I deploy to AWS?

Hey! Taking over for my colleague. Let me catch up.

Could you please share how your Lambda Handler looks like?

exports.handler = async (event: StripeTypes.StripeEvent): Promise<{
statusCode: number,
}> => {
try {
const signature = AuthUtils.extractStripeSignatureFromHeaders(event.headers);
let stripeEvent;
try {
stripeEvent = stripeClient.webhooks.constructEvent(event.body, signature, STRIPE_WEBHOOK_SECRET);
} catch (e) {
logger.error(e.message, e);
return ResponseUtils.getClientErrorResponse('Invalid request');
}
}

What does the function AuthUtils.extractStripeSignatureFromHeaders? could you print every value you pass to stripeClient.webhooks.constructEvent function ?

export const extractStripeSignatureFromHeaders = (headers: Record<string, string>): string => {
const out = headers['stripe-signature'] || headers['Stripe-Signature'];
if (!out) {
throw new Error('Stripe signature not found');
}
return out;
}

this is the function. Unfortunately, I don't have access to production and I cannpt share screenshots. But signature and signing secret are not empty, they contain valid values. The only issue I can see is that somehow on AWS instance the "event.body" gets parsed into Object ( or at least it's not the same string ). But maybe I'm wrong and there are more possible problems ?

Yes indeed, the most common issue is that the body of the event has been modified somewhere/somehow, or you are using a wrong Webhook Secret, or a wrong header value get from the request

OK, we'll check this as well and get back to you if the problem remains. Thanks for your help!))

Welcome at any time 🙂