#supa-webhook-signature

Can you do a console log of request.headers? Is anything showing up there?

Hi @feral thistle, thanks.

Nothing is being logged from express

Wait...

Now it's working oO

Lol did you fix something 😄

Wish I could take credit for that one

Glad to hear you're unblocked!

It's weird haha

It works on one implementation but not the other

const asyncHandler = require("express-async-handler");

...

const handleStripeWebhookForBalanceDeposit = asyncHandler(async (req, res) => {
    console.log("request", req.headers["stripe-signature"]); // null
...
}

app.use("/api/stripe", require("./routes/stripeRoutes"));

router.post("/webhooks/deposit-balance", express.raw({ type: "application/json" }), handleStripeWebhookForBalanceDeposit);

When I use this approach, rather than a app.post, so I can separate my endpoints into sets, headers is null

Are all the headers null? Or just the Stripe signature? In other words, is your endpoint actually receiving the webhook?

I am successfully hitting the endpoint, I can output req.body

Weirdly enough, on the implementation above I can get req.body but not req.headers

On Stripe's implementation I can get req.headers but not req.body o_O

That's odd. Each request should have a body as well as headers, so this sounds like something is going awry somewhere in your handler. If you console.log(request); it has literally nothing for headers in some cases and literally. nothing for body in other cases?

Actually I had a route intercepting it I believe, my other implementation

I am successfully getting the body now, but still getting 400 error

event = stripe.webhooks.constructEvent(request.body, sig, endpointSecret);
Think this is giving me 400. All 3 params are not null, but event doesn't log

What's the 400 error? If you're attempting to redirect the webhook, that will not work. Stripe webhooks will auto-fail any attempts at redirecting them

Calling the webhook with stripe trigger payment_intent.succeeded

try block is catching this:

err StripeSignatureVerificationError: No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe? https://github.com/stripe/stripe-node#webhook-signing

Right, but what are your Stripe logs saying for that error? Are they saying the same thing?

In the Received events tab on Stripe webste? Showing 400 too

Or is there specific err logs I can look at

There should be an actual error message. I'm just trying make sure that the redirect problem is taken care of before moving on to the next step of troubleshooting

Ooh okay, how do I check that? Sorry really new to Stripe dev :d

err StripeSignatureVerificationError: No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe? https://github.com/stripe/stripe-node#webhook-signing
        at validateComputedSignature (/Users/foo/WebstormProjects/bar/node_modules/stripe/lib/Webhooks.js:208:11)
    at Object.verifyHeader (/Users/foo/WebstormProjects/bar/node_modules/stripe/lib/Webhooks.js:103:5)
    at Object.constructEvent (/Users/foo/WebstormProjects/bar/node_modules/stripe/lib/Webhooks.js:10:20)
    at /Users/foo/WebstormProjects/bar/server/server.js:48:33
        at Layer.handle [as handle_request] (/Users/foo/WebstormProjects/bar/node_modules/express/lib/router/layer.js:95:5)
    at next (/Users/foo/WebstormProjects/bar/node_modules/express/lib/router/route.js:144:13)
    at rawParser (/Users/foo/WebstormProjects/bar/node_modules/body-parser/lib/types/raw.js:58:7)
    at Layer.handle [as handle_request] (/Users/foo/WebstormProjects/bar/node_modules/express/lib/router/layer.js:95:5)
    at next (/Users/foo/WebstormProjects/bar/node_modules/express/lib/router/route.js:144:13)
    at Route.dispatch (/Users/foo/WebstormProjects/bar/node_modules/express/lib/router/route.js:114:3) {
      type: 'StripeSignatureVerificationError',
          raw: {
            message: 'No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe? https://github.com/stripe/stripe-node#webhook-signing',
                detail: {
                  header: 't=1674688760,v1=1423ab24e6059b01857bbb7284492cf067199078b6f5bd334d317a457657530a,v0=3e54f76a6f6362766eeb9f66f6db2038136168e3d6e7146dbfd2270698f10485',
                      payload: [Object]
                    }
          },

      rawType: undefined,
          code: undefined,
          doc_url: undefined,
          param: undefined,
          detail: {
            header: 't=1674688760,v1=1423ab24e6059b01857bbb7284492cf067199078b6f5bd334d317a457657530a,v0=3e54f76a6f6362766eeb9f66f6db2038136168e3d6e7146dbfd2270698f10485',
                payload: {
                  id: 'evt_3MUIFPGGv6vHFsKw0W6uj4jx',
                      object: 'event',
                      api_version: '2022-11-15',
                      created: 1674688760,
                      data: [Object],
                      livemode: false,
                      pending_webhooks: 1,
                      request: [Object],
                      type: 'payment_intent.succeeded'
                    }
          },
      headers: undefined,
          requestId: undefined,
          statusCode: undefined,
          charge: undefined,
          decline_code: undefined,
          payment_intent: undefined,
          payment_method: undefined,
          payment_method_type: undefined,
          setup_intent: undefined,
          source: undefined
        }

Taking a look now

Cheers

So I'm having trouble understanding. You said that the signature is null but it is clearly there in this payload. Are you sure that your code is looking for it in the right place?

Can you post the code for the handler that is throwing this error?

Oh, yeah the signature issue ended up fixing somehow earlier

event = stripe.webhooks.constructEvent(
request.body,  // exists
sig,   // exists
endpointSecret  // exists
);

All 3 values are valid, which I am passing to the constructEvent function, but Stripe doesn't seem to deem the composition of them as valid

what does that mean? What do we deem as invalid?

supa-webhook-signature

Hi @fluid junco

I am getting the above Stripe error No signatures found matching the expected signature for payload

ah yeah that's just super common especially with Node.js

Yet none of the 3 params I am passing to your function are null ^^, so not sure which of the 3 is incorrect

it's either
1/ You use the wrong secret. 90% of the time it's that
2/ You're not passing the raw post body we sent you. 10% of the time it's that because your framework tries to be helpful but really gets in the way

see https://github.com/stripe/stripe-node/issues/341 for the 50+ different potential solutions

User % stripe listen --forward-to localhost:5001/api/stripe/webhooks/deposit-balance

Ready! You are using Stripe API Version [2022-11-15]. Your webhook signing secret is whsec_[SECRET] (^C to quit)

I am using the secret from stripe listen as my 3rd arg secret

Here's my webhook func which I took from Stripe's docs:

app.post("/api/stripe/webhooks/deposit-balance", express.raw({ type: "application/json" }), (request, response) => {
    const sig = request.headers["stripe-signature"];

    let event;

    try {
        event = stripe.webhooks.constructEvent(request.body, sig, endpointSecret);
    } catch (err) {
        console.log("err", err);
        response.status(400).send(`Webhook Error: ${err.raw.message}`);
        return;
    }

    // Handle the event
    switch (event.type) {
        case "payment_intent.succeeded":
            const paymentIntent = event.data.object;
            // Then define and call a function to handle the event payment_intent.succeeded
            break;
        // ... handle other event types
        default:
            console.log(`Unhandled event type ${event.type}`);
    }

    // Return a 200 response to acknowledge receipt of the event
    response.send();
});

Sure but Node.js can have different solution. Refer to the Github issue I just linked you to. It depends on many factors about your own local installation so you'll have to try some of those and figure out what works

Ah ok, thanks

Do you know if bodyParser is necessary? I am not using that

I don't know, I'm not really familiar with the ins and outs of Node and I think it depends a lot on your integration, the version of Express.js you use and such. Trying some of those examples will hopefully yield the right incantation

Alright guys, thanks for the assistance!

Is there any Stripe/Node repo examples I could check out?

but I already gave you the exact near perfect link

it has numerous solutions all in one place

like a repo wouldn't change anything, you could still get the same issue based on your own environment/personal set up

For us the code that is public on our docs does fully work: https://stripe.com/docs/webhooks/quickstart?lang=node

Understood man, thanks

Feel free to resolve this thread

We're happy to help further if you have more specific question but unfortunately I think you'll have to try some of the examples at https://github.com/stripe/stripe-node/issues/341 to confirm

Cheers

I noticed that docs above is issues arising from using bodyParser- where OP says that they don't have issues if they omit bodyParser

I however am getting the issues, even without using bodyParser, so not sure if entirely solves my problem

Resolved!

Changed

app.use(express.json());

to

app.use(
    express.json({
        verify: (req, res, buf) => {
            req.rawBody = buf;
        },
    }),
);

And request.body (from docs) to request.rawBody

Now getting 200 and payment charged events

wewt :). Thanks

damn

One day I swear I will understand what makes the change work