#.rammboss

Hi! Let me help you with this.

What's the errors you're seeing?

Il lget a SignatureVerificationException

No signatures found matching the expected signature for payload

I really dont know why my signature is always false. Can you send me a JSON request with an valid signature for testing

Here is the example from stripe-cli:

{"api_version":"2020-08-27","created":1689247759,"data":{"object":{"amount":3000,"amount_capturable":0,"amount_details":{"tip":{}},"amount_received":0,"application":null,"application_fee_amount":null,"automatic_payment_methods":null,"canceled_at":null,"cancellation_reason":null,"capture_method":"automatic","charges":{"data":[],"has_more":false,"object":"list","total_count":0,"url":"/v1/charges?payment_intent=pi_3NTNhyHN1zk9Pbmn14Xdio4y"},"client_secret":"pi_3NTNhyHN1zk9Pbmn14Xdio4y_secret_3HR0w9uXLgfD37Aml56ahIZrS","confirmation_method":"automatic","created":1689247758,"currency":"usd","customer":"cus_OFtURSKealbpax","description":null,"id":"pi_3NTNhyHN1zk9Pbmn14Xdio4y","invoice":null,"last_payment_error":null,"latest_charge":null,"livemode":false,"metadata":{},"next_action":{"type":"use_stripe_sdk","use_stripe_sdk":{"stripe_js":{"site_key":"c7faac4c-1cd7-4b1b-b2d4-42ba98d09c7a","verification_url":"/v1/payment_intents/pi_3NTNhyHN1zk9Pbmn14Xdio4y/verify_challenge"},"type":"intent_confirmation_challenge"}},"object":"payment_intent","on_behalf_of":null,"payment_method":"pm_1NTNhyHN1zk9PbmnqkYsiSQ7","payment_method_options":{"card":{"installments":null,"mandate_options":null,"network":null,"request_three_d_secure":"automatic"}},"payment_method_types":["card"],"processing":null,"receipt_email":null,"review":null,"setup_future_usage":null,"shipping":{"address":{"city":"San Francisco","country":"US","line1":"510 Townsend St","line2":null,"postal_code":"94103","state":"CA"},"carrier":null,"name":"Jenny Rosen","phone":null,"tracking_number":null},"source":null,"statement_descriptor":null,"statement_descriptor_suffix":null,"status":"requires_action","transfer_data":null,"transfer_group":null}},"id":"evt_3NTNhyHN1zk9Pbmn1b1WaW3l","livemode":false,"object":"event","pending_webhooks":2,"request":{"id":"req_arAhUubGgGTbBZ","idempotency_key":"30358e31-2fb2-4f7d-805e-2596069799d6"},"type":"payment_intent.requires_action"}

Are you sending a string body to the constructEvent?

Maybe something modifies the body before it reaches your server.

Do you also get the Stripe-Signature header?

yes i get a @Requestbody String (dont modify itself)

yes i can send you my signature and a examplerequest and the test_secret i use, if you want

I found that my gson which is used by your stripe api is downgraded

👋 stepping in here

Are you testing using a local endpoint and forwarding from the CLI or are you testing an HTTPS endpoint directly?

ill do: stripe listen --forward-to https://expertfinder-dev.smartransfer.de/API/stripe/webhooks/checkout/session/completed --format JSON

Hmm okay you shouldn't need to forward if you have an endpoint already running over HTTPS. Is there a reason you are doing that? You really only need to forward to be able to test with a local endpoint.

Regardless, when you do this, which endpoint secret are you using?

Are you using the one that the CLI provides you?

Or the one from your Dashboard?

from cli

whsec_70e7dc91AND-SO-ON

Okay and have you taken a look at our integration builder: https://stripe.com/docs/webhooks/quickstart?lang=java ?

And compared your code to that sample?

Usually the issue here is that you aren't using the raw body of the request if you are using the correct webhook secret

So for instance if you are using some sort of framework then it would manipulate the raw body before you try to do constructEvent

is there a way to get the raw content your endpoint is sending?

Yes you are using sprak for the endpoint. I need to use spring REST for this. But i also found code online where people doing this with spring too.

Can you share your webhook handler code?

Okay so you see how you have pbody as a string. That won't work.

i also compared the JSON from the cli with my test. they are identical

It should be coming through as bytes

it should not be JSON yet

That is why you are seeing verification fail

It has to be the raw incoming request without having touched it at all

I'm not familiar with sprak but you are going to want to do some research for how to actually get the raw body and then pass that to constructEvent otherwise this won't work

So the request body your are sending are bytes[]? True?

Yeah it should come through in bytes, not as JSON

Can you send me an Example byte string for testing? Or how can i get bytes out of the event from the cli

https://dashboard.stripe.com/test/events/evt_3NTNhyHN1zk9Pbmn1b1WaW3l

And the constructEvent is also taking only a string so even if i get a bytes array i need to convert it with UTF-8 to a string again

I don't have an example to share with you, no, nor do I think you can get one from the CLI unless you print out the raw request body.

And yeah sorry I just checked and you are correct that the Java raw body here does come through as a string

But something still is manipulating it in your framework it seems if you are seeing JSON

kk. Ill will find out how to prevent java from manipulating REST calls in any way

chears for your time