#phab
Getting a SignatureVerificationError is quite common. It usually comes from two potential errors:
- You are using the wrong webhook secret. So please double-check you are using the correct one. It should look like whsec_xxx and match the one displayed in your dashboard.
- The payload you pass in the constructEvent function is not the raw payload. So you need to ensure that you get the raw body of the HTTP request that Stripe sent you, without any interference by your code or framework in the middle.
To debug this, you'll need to add logging to log every value you pass to constructEvent (the payload, the secret, and the signature header), and then we can try to have a look at what part is wrong.
What I'm currently doing is taking the JSON payload from the UI, computing a signature with the current time, and generating a header with the computed signature and the same timestamp, which works on my local machine and on the test server to process the event. This would indicate that the actual request body contains some data in addition to the expected JSON payload, if I'm not mistaken?
Is there any reason why you're not just utilising the construct_event function from our Ruby SDK?
Sounds like you're manually verifying signatures, which just adds complexity.
No, I'm using construct event (that's what I meant by processing the event). The other steps (which would actually happen on the Stripe server before sending the event) I'm just doing to understand where the problem is.
Ok, it seems to be some local setup problem on the dev server.
Do you have different webhooks configured for different environments? They'll each have unique whsec_xxx keys.
Yeah, we have different webhooks for different envs, and I tried to monkey patch the secret for the desired endpoint, but apparently the monkey patching did not work out correctly.
Pretty sure it will work now.
Great!