#Gonza

I'm using nodejs

Hi there!

Hi!!

Getting a SignatureVerificationError is quite common. It usually comes from two potential errors:

• You are using the wrong webhook secret. So please double check you are using the correct one. It should look like whsec_xxx and match the one displayed in your dashboard
• The payload you pass in the constructEvent function is not the raw payload.

Yes, I have already done this 2 verifications

I will give you an sample of it

Yes, can you share your code?

BODY: <Buffer 7b 22 69 64 22 3a 22 65 76 74 5f 33 4c 70 39 64 49 42 43 69 56 34 73 70 4f 4f 47 31 78 37 68 5a 42 51
SIGNATURE : t=1664884198,v1=d7409b0952e0a264e9073b42285abe34b63ad034420073ebccb0dc2eb9d76607,v0=5d3682d54e72d107cae655bf51aedacb6ccfed335a9ba16098e28afcdffc58bd
WEBHOOK_SECRET: whsec_e57f3f51fec3512198342ad69b385ad8...

Thanks! And what's your webhook endpoint (we_xxx)? Or maybe you are using the Stripe CLI?

Right now I'm using stripe cli

So you are using the webhook secret that you can see in your terminal when you type stripe listen?

Yeap

I'm getting error 400 since the error come from the construct event

And where do you see the "Error: No signatures found matching the expected signature for payload."?

Exactly

Hum... interesting.

Could you share more of your code that is handling events?

Yes sure

In the routes I'm having this

That looks correct! And where are the variables payload and signature coming from?

This is in the controller

Thanks! Well everything you shared so far looks correct. The only thing I can't check on my end is if you are using the correct webhook endpoint secret. So could you:

• Rerun stripe listen
• copy the whsec_xxx and past it in your code
• and check if you are still having this issue

Yes, I have the same webhook secret

Thanks, give me a few minutes to think about this.

Sure thanks

Could you share your full code as text? It's a bit difficult to follow with a few random screenshots.

Yes sure

I put all in the same file

Hey, taking over here,

Do you have a global JSON parser configured with your root express app ?

if so, probably you should skip that parser for the webhook endpoint. Something like this:

app.use((req, res, next) => {
  if (req.originalUrl === '/webhook') {
    next();
  } else {
    express.json()(req, res, next);
  }
});

https://github.com/stripe/stripe-node/blob/master/examples/webhook-signing/node-express/express.js#L10

I did that,
in the config file I have the following:

export default (app: Application) => {
app.use((req: Request, res: Response, next: NextFunction) => {
if (req.originalUrl.startsWith('/webhook')) {
next();
} else {
express.json({ limit: '100mb' })(req, res, next);
}
});
app.use(
express.urlencoded({
extended: true
})
);
app.enable('trust proxy');
app.use(compression());
};

And in the route file I have this:
router.use('/webhook', express.raw({ type: 'application/json' }), webhook);

I see you are using compression() also which affect the request body I think

For the webhook endpoint you need to do nothing on the request body, it must be unchanged

Yes, I commented those lines but I'm still having the error

Here is a sample of what I have in the body, signature and webhook secret

BODY: <Buffer 7b 22 69 64 22 3a 22 65 76 74 5f 33 4c 70 39 64 49 42 43 69 56 34 73 70 4f 4f 47 31 78 37 68 5a 42 51
SIGNATURE : t=1664884198,v1=d7409b0952e0a264e9073b42285abe34b63ad034420073ebccb0dc2eb9d76607,v0=5d3682d54e72d107cae655bf51aedacb6ccfed335a9ba16098e28afcdffc58bd
WEBHOOK_SECRET: whsec_e57f3f51fec3512198342ad69b385ad8...

Can you do a quick test, with a manual verification of the webhook event?
https://stripe.com/docs/webhooks/signatures#verify-manually

Ok, I will do it

I have the same format of signature

I think the signature is correct

Maybe, if you have time we can do a call to see it

What do you mean by the same format ? The signature that you compute and the signature value you get from the header, must be the same

Ok, I'm trying to verify the signature now

I will tell you in a while

In your config file, did you tried something like this?

export default (app: Application) => {
  app.use((req: Request, res: Response, next: NextFunction) => {
    if (req.originalUrl.startsWith('/webhook')) {
      next();
    } else {
      express.json({ limit: '100mb' })(req, res, next);
      compression()
    }
  });
  //app.enable('trust proxy');
};

Yes, I did it but still have the error. Now I'm trying to verify the signature

maybe is something related to the signature

The rest of the code look's well since I follow the oficial documentation

Hi there 👋 I'm jumping in as my teammate needs to step away soon. Looking through the snippets that you've provided, it looks like you may be passing the entire request object to your body variable instead of just the request's body:
const { body } = req;

Well I trying to get the hash, but I'm getting diferent v1

here is the hast value getting in the page 30e5f7fb808c3e985fef9826c0d4d53f49dc8c9bc51e14f6a0aebcaa6aeed100

here is the v1=c4bff89e9ae91205f3d39ca97f2402221f2af4078d6455adfffa7c066d4bdd87

Done I was able to fixed it

The problem was that I use a gateway and that gateway format the body diferent so now I avoid to used it and the problem was fixed

Gotcha, glad to hear you were able to resolve it!