#ggmghoul

hi! that can be caused by many things. I'd start by logging exactly the payload string you pass into the constructEvent function and comparing to the event webhook body you see on the Stripe dashboard for the corresponding event.

I can have a look if you share

• the event ID evt_xxx
• the exact code of your endpoint
• the value of the string you log being passed to constructEvent

hello , okay well i need to tell you some infos first cause it might change things

the webhook request in stripe return 200

but when i debug it locally it returns signatureVerificationError

here : event = stripe.Webhook.construct_event(
payload, sig_header, STRIPE_WEBHOOKS_SECRET_KEY
)

which type the payload has to be ?

it's bytes in my case which worked properly earlier

hmm that makes no sense

it has to be a string.

it's the POST body of the incoming HTTP request, as a UTF-8 string.

I need to see the full code, not just that one line, I need to see how you create the route and read the HTTP body and so on.

it's not a personal project so i'm afraid i'm not able to expose everything

but i get the payload as request.data

the weird thing that i fixed it someday in the past days and i forgot what i did or serched for xD

it was working properly but now it throws that error

although in stripe it's a successful request

to help you I need the information mentioned above

maybe check the git history of your project to see what changed?

nothing changed it suddenly stopped doing its job

can you at least tell what can cause that error ?

and i will figure it out

i can give you the value of the payload

and the event id

but not the code

eventId : evt_3M54JEHrKMzhnGvg01SAgDli

that's the payload

• passing a body to constructEvent that is not the exact raw string from the same HTTP request we sent you. Any change(like in whitespace or ordering of fields in the JSON), will break it, as will not decoding the string into UTF-8 correctly
• using the wrong webhook signing secret whsec_xxx

yeah request.get_json, is wrong, you can't do that.

because that will parse the request body into a JSON object, and then you're co-ercing that to a string, so it loses all the whitespace and ordering of the raw body we send you

you have to access and pass the exact raw HTTP POST body of the request, don't touch it or do any processing to it

i've tried it like this and it's the same

stripe.Webhook.construct_event(json.dumps(request.get_json()), sig_header, STRIPE_WEBHOOKS_SECRET_KEY)

try googling "<name of your Python web framework> get raw POST body" maybe

that's still totally wrong

request.get_json() will never work

okay and what about the timestamp in the headers in case it's and older one from today would it raise the same error ?

it can, if the request is quite old, but I think you get a specific error about that(like "timestamp out of range" or something)

okay at least now i'm sure that's not the case

but that is almost never a problem, this signature verification question comes up dozens of times every day and in 5 years I think I've only seen the timestamp thing be a problem twice

like I said, it's because you're not passing that raw request body as a string

okay may i try a few things and come back ?

sure

btw meanwile , i sent you the event id you can check the event and see that the webhook didn't fail on the server as i mentionned it only does locally

hmm, not sure what you mean by locally. Are you like copying the event somewhere and manually replaying it a local dev server?

that event was sent by us to your server and you responded with success yep. That's all I know.

yes exactly that's what i'm trying to explain

i want to test the actions that need to be executed in each state

so i need to debug locally

I'd suggest using stripe cli and stripe events resend for that https://stripe.com/docs/cli/events/resend

if you copy/paste some event body and try to send it to yourself you will end up changing some characters/whitespace/ordering and break the signature verification, as well as the timestamp getting older

gotta run but my colleague @sharp sky will take over

exactly

okay thank you

hello

Hi! I'm taking over this thread.

Can you try to summarize your question while I cathup?

yes of course

i'm having a problem with the task that should be executed after triggering the webhook

so i wanted to debug locally to figure out the issue noting that it was working properly

when i try the webhook locally i get the Error of signuture verification

basically that's all

might help to share context like how exactly you trigger the webhook locally, and share the code of your endpoint, and to try to change it to read the raw request body and see how that works. (the stuff we talked about extensively)

yes i will

i'm using postman

i send the headers with STRIPE_SIGNATURE as key and value t=xxxx v1=xxxxxx v0=xxxxxx

and in the body i send the raw json by copying and pasting the request in the stripe dashboard

it worked two months ago i think , i was testing it this way and it worked

So you are manually re-sending the event by copy/pasting the values yourself? You should use the Stripe CLI to resend event as karlekko suggested earlier.

I'd suggest using stripe cli and stripe events resend for that https://stripe.com/docs/cli/events/resend

well i saw that the first time i started working on this task but since i tried postman and it worked i didn't think i need to use stripe cli

okay then i will check it out in that case

I strongly recommend using the CLI for this. Or directly user the dashboard since there's a resend button there

if i hit that resend button it won't work locally

i need it locally

You run stripe listen --forward-to xxx and then stripe events resend evt_xxx and the event should be re-sent locally.

okay i will try it

i think the problem isn't in the webhook initially

i just found out about something

sorry for wasting you time but thank you very much anyways both of you