#PrajapatiAk

Hi, does it work on localhost before uploading to netlify?

yes, It is working for localhost

I am afraid we can't help with a specific platform. I would recommend reaching out to their support team or community on how they are parsing the raw data

okay, Thank you!

There are a few suggestions in this thread, just fyi https://github.com/stripe/stripe-node/issues/356

can you please help me with manual verification ?

Code example:

` const sig = req.headers["stripe-signature"];
console.log("SIgn", sig);
// 1. Extract timestamp and sigs from header
const pairs = sig.split(",").map((pair) => pair.split("="));
// 4;
console.log("pairs", pairs);

// 1a. Key/Value pair assignment
const fromEntries = (arr) =>
  Object.assign({}, ...Array.from(arr, ([k, v]) => ({ [k]: v })));
const entries = fromEntries(pairs);
console.log("entries", entries);

// 2. Prepare the signed_payload string
const timestamp = entries.t;
const signedPayload = `${timestamp}.${req.body}`;
console.log("timestamp", timestamp, signedPayload);

// 3. Determine the expected signature
const hmac = crypto
  .createHmac(
    "sha256",
    "whsec_9a3c9ec7bfc20868dfbc71d57822aeb4e5a81aa06afa1c84598ee6f48da9e464"
  )
  .update(signedPayload)
  .digest("hex");

console.log("hmac", hmac);

// 4a. Signature match
const matches = crypto.timingSafeEqual(
  Buffer.from(hmac, "hex"),
  Buffer.from(entries.v0, "hex")
);

console.log(
  Buffer.from(hmac, "hex"),
  Buffer.from(entries.v1, "hex"),
  Buffer.from(entries.v0, "hex")
);

console.log("matches", matches);

// 4b. Timestamp difference within 5 mins
const current = Math.floor(+new Date() / 1000);
const diff = Math.abs(current - timestamp);
console.log("diff", diff);
const exceeded = diff > 60 * 5;
console.log("exceeded", exceeded);
if (exceeded) {
  console.log("exceeded if", exceeded);
  // return errorReport("bad-timing");
}
if (!matches) {
  console.log("bad - signatu");
  // return errorReport("bad-signature");
}`

I'm getting this response
entries {
t: '1682421758',
v1: '1e9142a0f81da8d1b36fa1b9c3b3bea1a1a3168c92ffd8981ee64870f1849bff',
v0: 'cb184ff8aa46b0a252f36d0cb3addaf8de2814eca32b9b39a732b529bf05f9e6'
}

hmac: c9903da04f4b5acbb9b4abea256ea8aeb68cbbe42ebaee04900c35a5951b8bf5

v1 and hmac both are different so verification is going failed.

Umm whyyy are you doing manual verification? It is just harder than using SDK and you have more problems to worry about

It will still have the same raw body issue

I would really recommend sticking with using the verify function from SDK, but invest on resolving the raw body issue

I've already invested a lot in that but not getting any proper solution for that.

Sorry to hear that. How about other hosting provider, or the suggestions on the above thread?

need to deploy on netlify only

What is your code in netlify for now, the one that use our SDK function

yes, I've deployed that version which was using below SDK function but that was not working so right now I'm not checking for verification due to failed verification but I need to verifiy it.
stripe.webhooks.constructEvent( req.body, sig, endpointSecret );

Yep and are you using AWS lambda?

Nope, I'm just deploying my backend on netlify

I guess you can reach out to Netlify support team then, ask them how to create a Body mapping template as mentioned in https://github.com/stripe/stripe-node/issues/356#issuecomment-557779824

Sorry

And if you use express you can reference the raw body line here https://github.com/stripe/stripe-node/blob/master/examples/webhook-signing/express/main.ts#L36

👋 taking over for my colleague. Let me know if there's any follow-up Qs I can answer!

I've already tried that option but not working

let me catch up, give me a couple of minutes

okay

would you mind sharing any event ID?

Sure, "id": "evt_1N0k9RHCyuifzsctRP0Bg0HQ",

I see that this event succeeded in the latest try

on 2023-04-25 12:35:48 UTC

there are many entries but in some cases I'm not checking verification (for testing purpose) then it is going to be success.

hmmm,

I see

I think as my colleague mentioned, this is a bit out of our hand, and more related to Netlify ecosystem

Hi! I'm taking over my colleague. Please, let me know if you have any other questions.