#Ancuta Mavrck

Hi 👋

Yes that is where you would retrieve the webhook secret for your published webhook endpoint

hmm okay. I checked, and the right secret is used for signature verification. Any idea why it is failing?

There was no problem on localhost

[1] com.stripe.exception.SignatureVerificationException: No signatures found matching the expected signature for payload at com.stripe.net.Webhook$Signature.verifyHeader(Webhook.java:102) at com.stripe.net.Webhook.constructEvent(Webhook.java:50) at com.stripe.net.Webhook.constructEvent(Webhook.java:30)

When you say it was working with localhost but not working when deployed, were you using stripe listen to forward webhook events to your local dev box?

yes. I was using stripe listen

Have you added logging directly in the webhook handling code to verify that the webhook secret and stripe signature header are showing up as you expect? THe most common issue is the Secret not getting passed to the webhook code when deployed.

yes, I logged the secret, stripe signature header and the request body and they seem correct

I can send you in private the secret, signature header and payload to check if they are correct

Please do not

1. It's insecure
2. It won't help me at all

These issues tend to be very unique to the environment in which they are occurring. Can you verify your hosting service is not transforming the request body in any way?

I just checked the request body that is retrieved by the hosting service and the request body which Stripe sent. The content is identical

Including whitespace?

There is a gateway service which forwards the requests to the underlying service. I think it might affect the request body in a way. I'll double check. Thanks for the support