satyanshy | Stripe Developers | Page 1

lucid yarrowBOT Nov 22, 2022, 9:29 PM

#

tired hedge Nov 22, 2022, 9:30 PM

#

The event Im looking at is the payment success one

#

I'm trying to parse the payload to get the Event, but my request body isn't giving me a payload

spice viper Nov 22, 2022, 9:31 PM

#

Hi, can you share event id? What is the specific issue?

tired hedge Nov 22, 2022, 9:31 PM

#

payment_intent.succeeded

spice viper Nov 22, 2022, 9:31 PM

#

Can you share the request id with me and share each steps for me to better understand what the issue might be?

tired hedge Nov 22, 2022, 9:32 PM

#

yes sure. Would it be possible to hop on call?

#

this is my request id - "id": "evt_3M6sLXL9zQ6YKhaM1ma62ifQ",

#

So I have a webhook that runs on payment intent success to my backend server. I try to parse the post request and see that I need the body, headers, and a secret key to view the event

#

What is the payload argument of the constructEvent supposed to be?

spice viper Nov 22, 2022, 9:39 PM

#

On discord, there is not a call functionality. What are you looking to attain fro the event specifically?

tired hedge Nov 22, 2022, 9:39 PM

#

the meta data

#

"message": "No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe? https://github.com/stripe/stripe-node#webhook-signing",
"name": "Error",
"type": "StripeSignatureVerificationError",

#

this is the error im getting

spice viper Nov 22, 2022, 9:46 PM

#

Can you confirm that you're using the correct secret webhook key?

#

If you've confirmed that you've used the right secret, then the issue might be on the payload's content which likely is the issue here. Sometimes some languages will tamper with the raw payload and if it's not identical to what Stripe sent you, the signature won't be a match.

tired hedge Nov 22, 2022, 9:50 PM

#

Can you verify what the arguments should be exactly

#

should they all be strings?

#

payload, stripe signature, and the key?

untold trout Nov 22, 2022, 9:54 PM

#

Hi there 👋 taking over for @spice viper

I wouldn't recommend posting payload signatures to this channel

#

If you want to know what the signature is comprised of, I would read this section of the docs about verifying the signature manuall: https://stripe.com/docs/webhooks/signatures#verify-manually

Check the webhook signatures

Verify the events that Stripe sends to your webhook endpoints.

tired hedge Nov 22, 2022, 10:05 PM

#

so what should i do if the language is tampering with the raw payload?

#

how can i get the event?

#

and the associated metadata?

untold trout Nov 22, 2022, 10:08 PM

#

Ah, apologies, I sent you the wrong docs. Those are for manual programmatic verification.

Do you know how to get the raw body of the HTTP request Stripe is sending for your webhook?

tired hedge Nov 22, 2022, 10:09 PM

#

I do not

untold trout Nov 22, 2022, 10:11 PM

#

It looks like you're at least able to get it as JSON based on the message I'm about to delete (due to having a raw signature in it as plaintext), so that's a step in the right direction

#

What language are you using in your webhook handler?

tired hedge Nov 22, 2022, 10:12 PM

#

javascript

untold trout Nov 22, 2022, 10:13 PM

#

Try something like this in your webhook handler:

app.post('/webhook', express.raw({type: 'application/json'}), (req, res) => { const sig = req.headers['stripe-signature']; console.log(sig);

tired hedge Nov 22, 2022, 10:14 PM

#

so im using mongo as my backend server

#

and i have an endpoint set up there

#

is the req.headers[stripe-signature] just meant to be the string "t0=...,v0=...,v1=..."

untold trout Nov 22, 2022, 10:16 PM

#

Yep

tired hedge Nov 22, 2022, 10:16 PM

#

ok so I know that is right for sure

#

How about for the req.body ?

#

is it suppose to be an object?

#

can i send my output for req.body in chat?

untold trout Nov 22, 2022, 10:22 PM

#

So the signature is the issue here, correct? The error we're troubleshooting is related to the signatures not matching, yes?

tired hedge Nov 22, 2022, 10:22 PM

#

yes

untold trout Nov 22, 2022, 10:24 PM

#

So when you add express.raw({type: 'application/json'}) to the webhook handler and initiate a test payment, do you still get the same error?

tired hedge Nov 22, 2022, 10:53 PM

#

I dont think i have the option to use express on mongo

untold trout Nov 22, 2022, 10:59 PM

#

Ah, okay. So you'll need to find a way to get the raw request data (unmodified) directly from the HTTP request that Stripe is sending. I'm not sure what you mean by "im using mongo as my backend server", as that could mean a myriad of things, but the main issue is that somewhere your integration is attempting to check the signature that Stripe is sending and they're not matching, which usually means some technology/framework you're using is modifying the raw payload before the check happens

tired hedge Nov 22, 2022, 11:18 PM

#

is there a way to know what the format is so that I could reformat the request correctly?

#

I think the only thing unformatted is the payload argument. What is the payload argument meant to look like?

untold trout Nov 22, 2022, 11:21 PM

#

It should look like this I believe: https://stripe.com/docs/webhooks/signatures#prepare-payload

Check the webhook signatures

Verify the events that Stripe sends to your webhook endpoints.

tired hedge Nov 22, 2022, 11:54 PM

#

is there any other way

#

assuming that I can't get it formatted?

#satyanshy