#anndonnelly

I'm sorry that statement doesn't make sense. You don't "implement webhooks"

Stripe sends webhooks to a URL you specify and you receive/process them

I am trying to build the endpoint in order to update subscription data on our side

👋 stepping in as Snufkin needs to step away

Are you attempting to verify signatures manually or using one of our libraries?

The issue above is that your raw body is not actually the raw body

It is the JSONified raw body

what content-type should the request be? text?

How are you obtaining the body?

It should be binary

Oftentimes frameworks manipulate the raw body since it is helpful 99% of the time

But you will need to stop that from happening in order to perform signature verification successfully.

It looks like you are using our PHP library, no?

yes I am

Gotcha. Can you share your webhook code?

Yep so the issue is most likely your $request->getContent()

That is likely JSON'ing the request body

Notice how in our webhook builder (https://stripe.com/docs/webhooks/quickstart?lang=php) we just pass the $payload right to constructEvent and the payload comes straight from @file_get_contents

So I'd recommend logging out your $request and playing with it until you can get the raw body as binary (not JSON)

ouptut from getContent()

Yep so see how that is JSON

Can you just log $request and see what the body looks like there

It will likely be a huge payload

But pretty sure the getContent() function is what is manipulating the raw body

Okay nope looks like it is happening earlier on

What framework are you using?

laravel

Looking but not sure how to stop Laravel from manipulating the raw body...

Can you verify that payload is a valid request? Is it formatted properly? Does it timeout, do I need a fresh event

The payload is valid in that it is a Stripe Event, but it is invalid in the sense that it is not the raw body here. It has already been turned into JSON which prevents the signature verification

Ok that's helpful

I'm still looking, but the way to solve this is to figure out how to stop Laravel from manipulating the raw body when you receive the request to your endpoint

Ok to confirm, we have a stripe customer portal and the final pieces we are trying to implement is the ability to upgrade a subscription or cancel a subscription. Is is possible to parse out the payload we have and not have to construct the events with the php code example given?

Well you really do want to construct the Event and you want to use webhook signature verification to ensure your endpoint is secure.

Give me a sec to check with my colleagues to see if any of them have used Laravel and know how to do this

Thank you

Are you using Cashier?

no

Yeah okay... this is pretty easy with Cashier (https://laravel.com/docs/9.x/billing#defining-webhook-event-handlers)

Might be worth trying something like this: https://github.com/spatie/laravel-stripe-webhooks if you aren't using Cashier

@north escarp still around?

I did get some clarification here that may help

yes here

Okay so turns out your logs mostly look right except that we did notice there aren't line breaks

I was mistaken earlier... you won't be seeing the binary buffer with PHP

So mostly it does look like you are getting the raw body of the request. Do you know if your logs are stripping out the line breaks?

Also, how are you triggering Events here?

And have you double-checked that your webhook secret is the correct one?

That could also be the issue... for instance if you use the CLI then the CLI will provide you with a secret instead of the one you would get from the Dashboard

we're using webhook signing secret found in Dashboard which I am assuming is reliable to use?

Hey sorry i missed this update

If you're testing with the CLI & forwarding, you need to use the signing secret provided by the CLI when you run listen