stav | Stripe Developers | Page 1

warped jasperBOT Mar 13, 2023, 8:44 AM

#

dry elk Mar 13, 2023, 8:44 AM

#

Hi there!

#

Getting a SignatureVerificationError is quite common. It usually comes from two potential errors:

You are using the wrong webhook secret. So please double check you are using the correct one. It should look like whsec_xxx and match the one displayed in your dashboard
The payload you pass in the constructEvent function is not the raw payload. So you need to ensure that you get the raw body of the HTTP request that Stripe sent you, without any interference by your code or framework in the middle.
To debug this you'll need to add logging to log every value you pass to constructEvent (the payload, the secret, and the signature header) and then we can try to have a look at what part is wrong

merry lake Mar 13, 2023, 8:56 AM

#

can you help me check it out? Im probably missing somthing,

thats where i get my secret

https://dashboard.stripe.com/test/webhooks/{secret}

and thats my code snippet

var json = await new StreamReader(HttpContext.Request.InputStream).ReadToEndAsync();
var stripeSignature = Request.Headers["Stripe-Signature"];
var secret = ConfigurationManager.AppSettings.Get("STRIPE_WEBHOOK_SECRET");
try
{
var stripeEvent = EventUtility.ConstructEvent(
json,
stripeSignature,
secret
);

//
//
catch (StripeException e)
{

            return new HttpStatusCodeResult(401);

}

Stripe Login | Sign in to the Stripe Dashboard

Sign in to the Stripe Dashboard to manage business payments and operations in your account. Manage payments and refunds, respond to disputes and more.

dry elk Mar 13, 2023, 8:57 AM

#

Have you done this?

To debug this you'll need to add logging to log every value you pass to constructEvent (the payload, the secret, and the signature header) and then we can try to have a look at what part is wrong

merry lake Mar 13, 2023, 9:01 AM

#

yes

dry elk Mar 13, 2023, 9:03 AM

#

And so? What did you see?

merry lake Mar 13, 2023, 9:03 AM

#

i see i do get a signature and that my secret is currect

dry elk Mar 13, 2023, 9:05 AM

#

So you triple checked that the secret match the one in your dashboard? It should look like whsec_xxx
If so, then the issue is most likely your payload. So you need to ensure that you get the raw body of the HTTP request that Stripe sent you, without any interference by your code or framework in the middle.

warped jasperBOT Mar 13, 2023, 9:11 AM

#

merry lake Mar 13, 2023, 9:14 AM

#

ok , i see it start with "we_" not whsec_xxx, my bad

#

so where can i find the secret?

tiny glen Mar 13, 2023, 9:15 AM

#

Hey! Taking over for my colleague. How are you adding the webhook endpoint ?

merry lake Mar 13, 2023, 9:15 AM

#

what do you mean by adding?

tiny glen Mar 13, 2023, 9:15 AM

#

merry lake what do you mean by adding?

Creating*

merry lake Mar 13, 2023, 9:15 AM

#

using the dashboard

tiny glen Mar 13, 2023, 9:15 AM

#

For example if you used the dashboard:
https://stripe.com/docs/webhooks/signatures#:~:text=Before you can verify signatures%2C you need to retrieve your endpoint’s secret from your Dashboard’s Webhooks settings. Select an endpoint that you want to obtain the secret for%2C then click the Click to reveal button.

#

For example when selecting a webhook:
https://dashboard.stripe.com/test/webhooks/we_1234

merry lake Mar 13, 2023, 9:17 AM

#

ok got it thanks

#stav