chiayi | Stripe Developers | Page 1

harsh tangleBOT Jul 24, 2023, 10:06 AM

#

clear bear Jul 24, 2023, 10:06 AM

#

Hi there!

#

What do you mean by "app secret"?

still forum Jul 24, 2023, 10:06 AM

#

this is what I see

clear bear Jul 24, 2023, 10:07 AM

#

The screenshot you shared is what you see after running stripe apps start?

#

So basically the page is not loading properly?

still forum Jul 24, 2023, 10:18 AM

#

hmm let me rephrase my question

#

i'm getting my webhook signing secret by running stripe listen on cli, however I am getting SignatureVerificationError

#

i am following server.py from https://stripe.com/docs/webhooks/quickstart

Set up and deploy a webhook

Learn how to set up and deploy a webhook to listen to events from Stripe.

clear bear Jul 24, 2023, 10:20 AM

#

Getting a SignatureVerificationError is quite common. It usually comes from two potential errors:

You are using the wrong webhook secret. So please double check you are using the correct one. It should look like whsec_xxx and match the one displayed in your dashboard
The payload you pass in the constructEvent function is not the raw payload. So you need to ensure that you get the raw body of the HTTP request that Stripe sent you, without any interference by your code or framework in the middle.

#

To debug this you'll need to add logging to every value you pass to constructEvent (the payload, the secret, and the signature header) and then we can try to have a look at what part is wrong

still forum Jul 24, 2023, 10:25 AM

#

i printed payload secret and signature header, but not sure how to tell which part went wrong (i will remove this screenshot later)

clear bear Jul 24, 2023, 10:30 AM

#

the error you shared has nothing to do with signature error. It's just a syntax error

#

expected } but found .

still forum Jul 24, 2023, 10:31 AM

#

that error was solved previously, let me provide an up to date screenshot

#

you can see stripe.error.SignatureVerificationError in the center terminal

harsh tangleBOT Jul 24, 2023, 10:36 AM

#

golden charm Jul 24, 2023, 10:43 AM

#

Hey! Taking over for my colleague. In general when you are facing signature failure, you are in one of these cases:

Using wrong API secret key/webhook secret key
The request body is being changed (aka middelware)

still forum Jul 24, 2023, 10:49 AM

#

Using wrong API secret key/webhook secret key
I copied my webhook secret key directly from cli

The request body is being changed (aka middelware)
the request body wasn't changed (look at payload before: and payload after: print statements at the center terminal)

seems like its not any of the reasons

golden charm Jul 24, 2023, 10:52 AM

#

Did you try to run the server.py without doing any modification on it (just by replacing the webhook endpoint secret ) ?
https://stripe.com/docs/webhooks/quickstart?lang=python

still forum Jul 24, 2023, 10:55 AM

#

I can't do that because I need to fire my request from my local stripe app and connect-src in stripe-app.json doesn't accept http links

modifications were made on server.py to be able to run the server on https

golden charm Jul 24, 2023, 10:58 AM

#

I meant just for testing, you run stripe cli listen and test it using the server.py without using your own backend

#

There must be something in your backend that is preventing the signature verification.

#

So as a first step, let's test the server.py as a first step (without doing any modification)

#

No you don't send the request by your own.

#

that endpoint need to be called by Stripe (as a webhook event)

#

Follow the guide step by step till the end, in order to understand the concept:
https://stripe.com/docs/webhooks/quickstart?lang=python

still forum Jul 24, 2023, 11:10 AM

#

ok will do, thanks alot! we can close this thread for now

#chiayi