Blitoka33 | Stripe Developers | Page 1

livid echoBOT Feb 1, 2023, 5:01 PM

#

azure grove Feb 1, 2023, 5:01 PM

#

Hi there

tame crown Feb 1, 2023, 5:01 PM

#

Hi

azure grove Feb 1, 2023, 5:01 PM

#

You are seeing a signature eerror?

tame crown Feb 1, 2023, 5:01 PM

#

Nope, no error

azure grove Feb 1, 2023, 5:01 PM

#

Have you added logs to ensure your endpoint is getting hit?

tame crown Feb 1, 2023, 5:02 PM

#

The webhook runs if I try to log at the first line of the post request, I get a print.

azure grove Feb 1, 2023, 5:03 PM

#

Okay but you aren't seeing an error in your catch block?

tame crown Feb 1, 2023, 5:03 PM

#

No, I don't.

azure grove Feb 1, 2023, 5:19 PM

#

Hmm that's odd

#

Sorry for the delay

#

Server is quite busy

#

So you have a log within your /webhook endpoint

#

And you do see that

#

Can you share your code with the logs?

tame crown Feb 1, 2023, 5:20 PM

#

Yeah, it gets triggered, but no webhook log came in.

#

so I printed an asd at the beginning and it runned.

azure grove Feb 1, 2023, 5:23 PM

#

Okay and if you log event what do you see?

tame crown Feb 1, 2023, 5:23 PM

#

nothing

azure grove Feb 1, 2023, 5:27 PM

#

Undefined?

#

What is nothing?

tame crown Feb 1, 2023, 5:28 PM

#

It doesn't print anything, like the code doesn't even run.

#

which is kinda weird.

#

Oh I see the issue, nevermind.

#

The Try-Catch was going to give an error, but it didn't because I blocked it with something.

#

No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe? https://github.com/stripe/stripe-node#webhook-signing

Now this is the error I get.

azure grove Feb 1, 2023, 5:32 PM

#

Okay thanks

#

Are you using express.json?

#

This usually messes with the raw body

#

Which is required for signature verification

#

I usually do something like app.use((req, res, next) => { if (req.originalUrl === '/webhook') { next(); // Do nothing with the body because I need it in a raw state. } else { express.json()(req, res, next); // ONLY do express.json() if the received request is NOT a WebHook from Stripe. } }); to avoid this issue

frosty rover Feb 1, 2023, 5:34 PM

#

Throwing in to be even more didactic: Stripe uses "stegonography" to encode extra data on the webhook JSON body. They use non-coding extra spaces, line breaks, tabs, etc. This can still be parsed as JSON, but the signature verification needs the non-coding parts - that's why you have to be quite careful to not modify it at all before checking signature. (it also kinda masks the issue - the body parses as JSON just fine, so it looks like it's correct, but the verification fails). This is often caused by using request.body instead of request.rawbody, or by something like Express middleware.

tame crown Feb 1, 2023, 5:35 PM

#

Yes, I am going to fix this then.

#

It worked, thanks for both of you.

#Blitoka33