#bwestwood11

Hello! What's the Event ID?

https://dashboard.stripe.com/test/events/evt_1NQwaoIPblDJirEcRkvz0ShS

Your server returned a 200 HTTP status code, so we consider that a successful delivery, but there is an error in the body of the request. Looks like the webhook handling code on your end isn't extracting the Stripe-Signature header from the request correctly.

yea that's what I was thinking and I have searched the internet for answers and feel like I have tried everything

here is my code

So right after you create the signature variable if you log it out does it contain what you expect?

let me try

I guess to view the console. I would have to use the CLI and test locally?

Yeah, or open the console on your server, or log to a file on your server, something like that.

Okauy i just did the CLI locally and that was a 200 with a reposnse body

let me try again with the other endpoint, I am console logging the signature but don't see the log anywehere on my text editor

Would I still be able to update my database with the webhook if I receive a 200 status code but get the webhook error: no stripe-signature header value was provided

No, you should verify the signature. Otherwise bad actors can send bogus Events to your Webhook Endpoint.

More details here: https://stripe.com/docs/webhooks/signatures

oh yea true, so I am assuming i am not getting the right format from the stripe signature

I know you guys have the docs for node.js but I am using Next.js 13 and the syntax is a little different.

I think it's probably an issue with the framework/library you're using. You need to get the Stripe-Signature header from the incoming request.

Like are you sure req.headers['stripe-signature'] is how you access the header?

no, I am not, I know that is where the problem lies and I have looked up solutions. I am trying to console.log the signature but don't know where it's logging to

so the endpoint is https://competitiveedgedumpsters.com/api/webhook

I am trying to console.log the signature but don't know where it's logging to
What do you mean by this?

would I check that endpoint

I have a console.log on line 21 here

I am trying to see the value of the signature

I am currently on https://competitiveedgedumpsters.com/ and going through the checkout process with a test secret key using the card 4242

and then when I successfully checkout on that domain idk where to look for that console log on line 21

Pretty sure the issue is in your signature error catch handler

you're including the {status: 400} in the first parameter to Response as text, rather than the second param as the status to use

that line should be return new Response('... string here...', {status: 400});

okay let me try that

i see what you mean

https://dashboard.stripe.com/test/events/evt_1NQxYZIPblDJirEcRyj4HyD0

this is what I receieved back

I did fix that error you described above

Webhook Error: No stripe-signature header value was provided.

Yep, that's now returning a 400 status in the response, so: progress!

As for you actual error, you need to debug the inputs body, signature, endpointSecret and ensure they have the expected values

I'm not sure how you can access the logs for this, that's entirely up to you and how your server & logging is configured

okay yea I figured, I will try to figure that out

thank you

I found them actually

so I am getting back the endpointSecret correctly

the signature is undefined

does that mean I am not even reading the stripe signature correctly?

Correct -- it seems like that's not coming through

Can you try changing to req.headers.get('stripe-signature').?
From here: https://github.com/vercel/next.js/issues/49739#issuecomment-1546629961

Yes I read that link. let me try it again though since I know where to read the logs

I also have a vague recollection that you might need to explicitly allow certain headers to pass through in next

Yea I think I see some articles are that. Just have to figure out how to do it

I think I got it working now, if you can check this event idea to confirm

https://dashboard.stripe.com/test/events/evt_1NQxzwIPblDJirEc9vOLEs4A

Looks like successful delivery on that 👍

what did you do to enable/access the header?

const signature = req.headers.get('stripe-signature');

I thought I tried it earlier but I had to add the .get()

Thank you for all the help

Ok great!

Thanks for letting me know

You didn't need to list/enable the header anywhere for it to be available in the handler?