#artursir

and another one include proper header it seems ``` {
"name": "Stripe-Signature",
"value": "t=1665731125,v1=d8dc6b9970e0cf5d76ba16a2f34488978f582b7a3a7c9994441e90a6b7bfa0af,v0=40b039621bf7336467c38e40f4bae7af225f2423b2f54e5b0ed81e4254c70483"
},

I think this is the reason why we get SignatureVerificationException exception: No signatures found matching the expected signature for payload

one of the webhooks has not got proper headers

what do you think?

Um yes looks like so. But you would want to investigate why there are 2 webhook events? Did you find them at https://dashboard.stripe.com/test/events ?

not, just in our logs but looking at https://dashboard.stripe.com/test/events I can find last log from Sep 27th :/

will you be able to explain why we get 2 webhook events and one of them doesn't have proper headers?

We need concrete Id to look at. Do you have those 2 event ids? evt_xxx

they are not displayed in the event logs for some reason (bug?), last logs are from September in my dashboard but I can give you IP and timestamps for both of them

IP 172.16.2.110 | bad webhook timestamp: 1665731125359 | good webhook timestamp: 1665731125629

does it work for you?

Um that's still hard to investigate. Do you have any ID it points to? (And what events is that?)

https://dashboard.stripe.com/acct_1C59YsF6JJPoGMup/test/events/evt_1LshxQF6JJPoGMupbSG0ZJ73

have found 🙂

Hi! I'm taking over this thread.

This event evt_1LshxQF6JJPoGMupbSG0ZJ73 was sent to two different webhook enpoint that shared the same URL. So it's expected that you received the same event twice with different signature.

How can that happened if we have only one endpoint cosfigured in test mode?

https://dashboard.stripe.com/test/webhooks

we get the SignatureVerificationException exception: No signatures found matching the expected signature for payload

that is the reason we contact you

I agree this is confusing but it's actually expected. In this case the test webhook enpoind and the live webhook endpoint received the event. This behavior is explained here:

For Connect webhooks, it’s important to note that while only test webhooks will be sent to your development webhook URLs, both live and test webhooks will be sent to your production webhook URLs. This is due to the fact that you can perform both live and test transactions under a production application. For this reason, we recommend you check the livemode value when receiving an event webhook to know what action, if any, should be taken.
https://stripe.com/docs/connect/webhooks

so in case test transaction also live webhook endpoints are used for transactions?

You have a testmode webhook endpoint we_1J0vLO2AkROc6diVMJQRjsFI
You have a livemode webhook endpoint we_1FGm792AkROc6diVy0F6YKIE
Both point to the same URL. And the event evt_1LshxQF6JJPoGMupbSG0ZJ73 was sent to both of these endpoint (as explained above).

ok, thanks for your help!