#kentin12

Sounds like you were following this guide, yes?

https://stripe.com/docs/webhooks/signatures#verify-official-libraries

Yeah definitetly

Okay, so when you do a console.log(); in your webhook handler, it is saying that it's undefined?

yes when i console.log() the req.headers["stripe-signature"] it's undefined.

so have tried to set the header manually from the front but it return: Error data : Webhook Error: No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe?

What version of the API are you on?

apiVersion: "2022-11-15"

Do you have an example Event I can look at? Specifically an Event ID for an Event that isn't showing the webhook signature

lemme describe the process am following currently, have set up the webhook handler on backend with the one example have found on the stripe documentation, then from the frontend as data i sent the paymentId and webhook secret so is the paymentId you are talking about right ?

No. The Event is an object that Stripe creates when something happens on your account (e.g. a payment is created). This Event gets sent from Stripe to your webhook endpoint, which you would have configured here: https://dashboard.stripe.com/test/webhooks

You don't send anything to the webhook endpoint. Stripe does.

ummm

I'm not sure how to respond here. Do you have a follow-up question?

Okay, good. So you have a webhook endpoint set up. Can you share the code that you're using in your handler?

public async validatePayment(req: Request, res: Response, next: NextFunction){
const sig: any = req.headers['stripe-signature'];

console.log(sig);

let event: any;

try {
event = this.stripe.webhooks.constructEvent(req.body, sig, endpointSecret);
}
catch (err: any) {
res.status(400).send(Webhook Error: ${err.message});
}

switch (event.type) {
case 'payment_intent.succeeded':
const paymentIntent = event.data.object;
console.log('PaymentIntent was successful!');
break;
case 'payment_method.attached':
const paymentMethod = event.data.object;
console.log('PaymentMethod was attached to a Customer!');
break;
default:
console.log(Unhandled event type ${event.type});
}

res.json({received: true});
}

Have juste copied and the example i saw in the doc

That looks a bit different from what I see in the doc. Which doc did you get that from?

Hello! I'm taking over and catching up...

So console.log(sig); logs nothing? If you change it to console.log(req); what do you get?

Hi

https://stripe.com/docs/webhooks/signatures#verify-official-libraries

I wanted to understand if we can get any Static Ip from Stripe that can be whitelisted?

You mean you want a list of the IPs our webhooks come from?

If so we have a list here: https://stripe.com/docs/ips#webhook-notifications

But confirming the webhook came from one of those IPs is not sufficient to be sure it came from Stripe, you still need to perform signature verification.

Hi console.log on req looks like this one:

not able to see your reply

Which reply?

What version of Express are you using?

@winged pond am using: "express": "^4.18.2",

Try req.get('stripe-signature') and see if that works.

@dense bison this one is the doc am using

Okay lemme try

Yes I understand Stripe signature verification is necessary... however due to HMAC imementaruon the result is not always coming as expected

We tried using libraries as well.. but the result is not consistent

any one has done stripe signature verification in Mule?

@narrow torrent Can you move to the Shivani thread instead of talking in this one please?

@winged pond , console.log("stripe signature: ", req.get("stripe-signature"));still return undefined, umm the way am performed the test will occure the issues ? like am trying to test both from the mobile app and the swagger. but the error differe according to am on the swagger or on the mobile. right now the error message on the mobile is: Error data : Webhook Error: No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe?
and on the swagger: Webhook Error: No stripe-signature header value was provided.

but let's just focus ourself on the live testing....

Webhook Error: No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe? this one is the error...

Can you give me the Event ID of one of the Events you're testing with? It starts with evt_

ok

"id": "evt_3N1XdkDsNEXKQJNj0H74ELZe" this one for example

But am not able to see the latest have tried

Okay, and you have two different systems you're trying to use with this Event? Or are both of those errors coming from the same system?

Webhook Error: No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe? this one is the error...

this one comme from the flutter mobile app on frontend

we can focus ourself on this one.

Okay, so in that code you are getting the signature? Like if you log the stripe-signature header you're seeing a value there?

ummm not yet... lemme check once again

@winged pond am not able to see it on prod, but the event ID is: evt_3N1Z42DsNEXKQJNj1MCqeBSV

The main this is if your code can get the stripe-signature header or not. If you log out the value of that header what do you see?

[log] header response -: x-dns-prefetch-control: off
date: Thu, 27 Apr 2023 18:26:24 GMT
vary: Accept-Encoding
origin-agent-cluster: ?1
content-encoding: gzip
server: LiteSpeed
cross-origin-resource-policy: same-origin
content-length: 212
etag: W/"129-kqD07NKkgWRyI+yrS5rQUGoel28"
x-frame-options: SAMEORIGIN
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
connection: close
x-tuned-by: N0C
access-control-allow-origin: *
strict-transport-security: max-age=15552000; includeSubDomains
referrer-policy: no-referrer
x-permitted-cross-domain-policies: none
expect-ct: max-age=0
cross-origin-opener-policy: same-origin
content-type: text/html; charset=utf-8
x-xss-protection: 0
cross-origin-embedder-policy: require-corp
x-turbo-charged-by: LiteSpeed
x-powered-by: Phusion Passenger(R) 6.0.14
x-download-options: noopen
x-content-type-options: nosniff

this one is the header get from the flutter app

That's not the webhook request. A webhook request won't be sent to your client, it will be sent to your server.

Yeah definitely.

Lemme try to found out the way to get the logs from the server