#pants-webhook-signature

Interesting, and this is the same endpoint in the same mode?

its the other way around actually

yes this is live using the same function even

im using a web service actually

does the return url have anything to do with it? const clientSecret = new URLSearchParams(window.location.search).get(
'setup_intent_client_secret'
);

it works ok in test mode by the way

The webhook signature verification only depends on two things: the webhook secret that you use, and that you are using the raw body of the event payload that you get

The client side code will not affect the signature verification

So some events on this endpoint in live work, but not others?

well that part must be ok as im getting setup intent working

i thin kthey are coming through but must be going in to try catch or something

i tried emailing the try catch error but theres no info

but its just weird its working in test mode

And so to be clear, is this all invoice.paid events that are failing in live mode but all setup_intent.succeeded events are succeeding here?

it looks like

but i also get an error The signature for the webhook is not present in the Stripe-Signature header.

from the trycatch

i have paid an invoice in test mode - how can i get it to send to the localhost again if i press resend in the dashboard?

Can you send me an example ID of each of these event types on your account? I can see if there is anything differentiating them that might cause this issue

so its this setup intent did not work evt_1M5UAQJKY8YXH2zhtFoMo0oY

but then this invoice was paid and that worked ok evt_1M5VqJJKY8YXH2zhnTK5sRnx

evt_1M5X5IJKY8YXH2zh6AEUh4AU is actually an invoice.paid event that succeeded. would you be able to find another setup intent event?

sorry is that the message i deleted?

Must have been.

And interesting. I see your server responded with a 200 to evt_1M5UAQJKY8YXH2zhtFoMo0oY as well.

Not immediately seeing a difference that would cause evt_1M5UAQJKY8YXH2zhtFoMo0oY's signature to match but evt_1M5VqJJKY8YXH2zhnTK5sRnx's signature verification to fail.

Is it possible that your integration is modifying these event bodies in any way before trying to verify the signature?

The construct event call needs the exact raw event body that we send. Even whitespace changing can throw the signature off and fail the verification

pants-webhook-signature

but its the same code on both events, same function

Unfortunately webhook signature can be quite finicky

Ultimately it really is a problem with your code and how it parses the data

Are you properly using UTF-8 everywhere? We've seen cases where the code will fail on some Events because a character is not treated as UTF-8 for example

but the event is ok in test mode?

I know and it's frustrating but it still is a problem with your code

Maybe you have the wrong webhook secret in some cases, or don't read as UTF-8 and are just lucky most events are basic ASCII and don't change anything

it is a bit of a mess reading the body i do admit

but i did it in webservice because thats what my app uses and i didnt want to have to duplicate code for the app

and i also havent used .net core before as in your examples

how can you test this though if its live - i have to wait for someone to pay?

Mostly yes

and you think this error is to do with the body rather than the header?

The signature for the webhook is not present in the Stripe-Signature header.

var signatureHeader = WebOperationContext.Current.IncomingRequest.Headers["Stripe-Signature"];

I'm sorry you're losing me a bit. You said earlier it was the same thing and exact code and now you say there's no header

Like if there's no signature in the header, that means your code has no signature to verify, so it's normal that it fails

there is a header

it works on the other event, its the same code

this does this error definitely mean theres something wrong with the header then? or would it also say that if the body didnt match up?

If you have no value in the header then there's a bug with that code

sorry, this is quite confusing right now.

so ill log what the header is for a start on invoice paid

yeah that seems like a good start

and the body text, to check if they match up as you require

can i get back to you with the answer?

sure

will this thread be open or something?

ive just noticed this wetup intent also responds with The signature for the webhook is not present in the Stripe-Signature header.

It depends how busy the server is and when you come back. You can just ask a new question in #dev-help if the thread is closed

but that is successful

Please take some time to carefully debug this, add logs, look at the raw request, compare your environments, etc. Don't rush through this as fast as you can