#Vaibhav

Hello 👋
Can you edit out the webhook secret from your code?

@silent dirge I did that but anyway thats the localsecreet

@gloomy oak mentioning you here in this threa

So when you get this error, likely two things are happening

Either the webhook secret is wrong OR the payload is getting parsed to JSON or something.

Do you have a middleware that parses incoming requests automatically? Afaik, constructEvent expects rawBody

    req.Body = http.MaxBytesReader(w, req.Body, MaxBodyBytes)
    payload, err := ioutil.ReadAll(req.Body)
    if err != nil {
        fmt.Fprintf(os.Stderr, "Error reading request body: %v\n", err)
        w.WriteHeader(http.StatusServiceUnavailable)
        return
    }


    // This is your Stripe CLI webhook secret for testing your endpoint locally.
    endpointSecret := "whsec_78....."
    // Pass the request body and Stripe-Signature header to ConstructEvent, along
    // with the webhook signing key.
    event, err := webhook.ConstructEvent(payload, req.Header.Get("Stripe-Signature"),
        endpointSecret)
    if err != nil {
        fmt.Fprintf(os.Stderr, "Error verifying webhook signature: %v\n", err)
        w.WriteHeader(http.StatusBadRequest) // Return a 400 error on a bad signature
        return
    }

    switch event.Type {
    case "invoice.payment_succeeded":
        var paymentIntent stripe.Invoice
        err := json.Unmarshal(event.Data.Raw, &paymentIntent)
        if err != nil {
            fmt.Fprintf(os.Stderr, "Error parsing webhook JSON: %v\n", err)
            w.WriteHeader(http.StatusBadRequest)
            return
        }
        log.Printf("Successful payment for %d.", paymentIntent.AmountPaid)

    default:
        fmt.Fprintf(os.Stderr, "Unhandled event type: %s\n", event.Type)
    }

    w.WriteHeader(http.StatusOK)

here is the full code if it needed

The full code doesn't help as much 😅
You'd need to check if the rawBody is getting modified somewhere.

@silent dirge I understand very difficult to do in the big codebase if any middleware does that or not

Definitely understand but if you're sure that the webhook secret is the correct one then the only other issue could be the rawBody getting modified.

How exactly are you triggering these events?

by locally

@silent dirge

Error verifying webhook signature: Received event with API version 2020-08-27, but stripe-go 74.11.0 expects API version 2022-11-15. We recommend that you create a WebhookEndpoint with this API version. Otherwise, you can disable this error by using ConstructEventWithOptions(..., ConstructEventOptions{..., ignoreAPIVersionMismatch: true}) but be wary that objects may be incorrectly deserialized.

Ah interesting so its the API version mismatch.

I think that's because we pin the API version for go SDK.

let me double check

Yeah, I think the solution here would be to add a second webhook endpoint to your account with the new API version explicitly set to the API version of the stripe-go library

Here's what we recommended for stripe-dotnet (which also pins the API version in the SDK)
https://github.com/stripe/stripe-dotnet/issues/1874#issuecomment-562645726

Apologies for the delay here. Server is extremely busy today

well fornow I am using this

    event, err := webhook.ConstructEventWithOptions(payload, req.Header.Get("Stripe-Signature"),
        endpointSecret, eventOptions)```

Ah okay! The only thing I'd flag there is the shape of the object delivered might be different as the SDK expects a diff API version. The code you have might break easily in case the expected parameter isn't found in the body.