#Cvijo

So that error usually happens for either two reasons: the wrong webhook secret was used or the webhook body was modified before passing it in to the construct event function

Have you double checked that you are using the correct webhook endpoint secret? Keep in mind that the secret is different for each endpoint

i checked both, i did not change json body and webhooc secret should be the same

this is in test environment btw

Sorry deleted that message as the secret shouldn't be shared on public channels. You can share account IDs but secrets are not safe to share.

yeah i figured it .. it is test environment so i paste it

Can you show me your code for getting the webhook body and passing it in to the constructEvent function?

Yeah that only affects test environment so very low stakes

var stripeSignature = HttpContext.Current.Request.Headers["Stripe-Signature"];

var json = await new StreamReader(HttpContext.Current.Request.InputStream).ReadToEndAsync();

var stripeEvent = EventUtility.ConstructEvent(json, stripeSignature, endpointSecret, throwOnApiVersionMismatch:false);

Thank you

when i used this code with cli and forward to in my debug environment it did work

And you changed the secret between the cli listener and the one from your dashboard?

yes

i only used secret from cli in my local environment

Also, because this does sometimes happen, have you double checked that the endpointSecret variable is still being populated? Like if you log it to your console just before ConstructEvent does it say the right thing?

yes, i have double check that too .. i log it to my logger and everything is set .. signature, secret and json

i even try local with postman and used same signature Stripe send me: t=1683731044,v1=7aeccb73f591bf1ebe936c42e08ead3b7fb2d4643fee7945f740b54f1dbb7922,v0=0ce7e5d4d109a6327aef8605df3d1b1039efec2ed8b7b58dd653cdee950c4b8d , and use same json from stripe event view

Gotcha. I think for now you should just test with events coming directly from Stripe. That setup may not mimic our calls exactly which could throw off the computed hash

Or you might be mimicking it perfectly but it is hard to say until the events coming directly from Stripe work

Apologies still looking in to this. I think this may be an issue with the request body in some way and am checking in to common .NET pitfalls for this

ok, thank you Pompay

Can you try
var json = await new StreamReader(HttpContext.Current.Request.Body).ReadToEndAsync();
Instead of
var json = await new StreamReader(HttpContext.Current.Request.InputStream).ReadToEndAsync();
I see that our interactive webhook builder uses Body instead. Not sure if that makes enough of a difference to throw off the hash https://stripe.com/docs/webhooks/quickstart?lang=dotnet

problem is i am using .net framework 4.6 in our project, your code is for .net core ... so i dont have HttpContext.Current.Request.Body available

👋 stepping in

Need a couple mins to catch up

hey @dim pivot i figure it out ... it's of course problem in our end, but you give me good guidance to check this inputstrem... problem was in .net framework you have to use InputStream to read body, and in our case other process already read body and to read it again you must set HttpContext.Current.Request.InputStream.Position = 0; ... in .net core you can read same body multiple times. So just to let you know if you encounter with somone with same problem 🙂 .. i tested this now and it worked ! .. sorry guys for your time @hushed kernel and @dim pivot

Glad you figured it out and thanks for sharing the solution!