#chaosxmk
gaunt crest
valid elm
hey there
Signature verification can be challenging to get right, its most important to ensure you're using the raw request body
Can you share your endpoint code that's trying to do this?
fast igloo
$payload = @file_get_contents('php://input');
$signature = $_SERVER['HTTP_STRIPE_SIGNATURE'];
$gdwconf = loadConfig('cpanel');
$stripe = new \Stripe\StripeClient($gdwconf->get('stripeapis'));
try {
$event = \Stripe\Webhook::constructEvent(
$payload, $signature, $gdwconf->get('stripewhs', '')
);
} catch(\UnexpectedValueException $e) {
// Invalid payload
return 400;
} catch(\Stripe\Error\SignatureVerification $e) {
// Invalid signature
return 400;
}```Have you done some debugging to check the parameters $payload, $signature, $gdwconf->get('stripewhs', '') to constructEvent have the values you expect?
fast igloo
the payload looks correct, the signature does have data (although I have no idea what it should/shouldn't contain), and the stripewhs is correct
valid elm
Can you share an example event that you're seeing a failure on?
eg evt_1234
fast igloo
evt_1NVaKRJepv5lAKwbUAwTvWrH
For reference, I'm intentionally throwing 418 for the recent tests so that I can click resend to try the event again
Alternatively, evt_1NVa61Jepv5lAKwb2HhM2jkl
valid elm
Is the value of the secret you're using whsec_E5...FqGB?
fast igloo
No, I'm using one that ends in Pskr
valid elm
Ok, then you have a secret mismatch
You should go to your endpoint in the dashboard and get the correct secret:
fast igloo
I copied the wrong thing, thank you
valid elm
NP!