#lennard.

Hello! What debugging have you done so far? Have you made sure you're using the right webhook secret? Have you logged the payload and made sure it's the raw body?

Yes, tested both.

The payload is a JSON object @worldly mason

Can you copy-paste the full object you get here?

Ofc!

{
  id: 'evt_3Nlc3bEHvOaf03g91BZv0Hwx',
  object: 'event',
  api_version: '2023-08-16',
  created: 1693592819,
  data: {
    object: {
      id: 'pi_3Nlc3bEHvOaf03g91DyY6yTe',
      object: 'payment_intent',
      amount: 2000,
      amount_capturable: 0,
      amount_details: [Object],
      amount_received: 0,
      application: null,
      application_fee_amount: null,
      automatic_payment_methods: null,
      canceled_at: null,
      cancellation_reason: null,
      capture_method: 'automatic',
      client_secret: 'pi_3Nlc3bEHvOaf03g91DyY6yTe_secret_w72EkSKbahRo4nFmaPpPMBHuy',
      confirmation_method: 'automatic',
      created: 1693592819,
      currency: 'usd',
      customer: null,
      description: '(created by Stripe CLI)',
      invoice: null,
      last_payment_error: null,
      latest_charge: null,
      livemode: false,
      metadata: {},
      next_action: null,
      on_behalf_of: null,
      payment_method: null,
      payment_method_options: [Object],
      payment_method_types: [Array],
      processing: null,
      receipt_email: null,
      review: null,
      setup_future_usage: null,
      shipping: [Object],
      source: null,
      statement_descriptor: null,
      statement_descriptor_suffix: null,
      status: 'requires_payment_method',
      transfer_data: null,
      transfer_group: null
    }
  },
  livemode: false,
  pending_webhooks: 2,
  request: {
    id: 'req_mA9ZfvopDJ4OSq',
    idempotency_key: '784a4d69-cd4d-4f8b-8659-89abc621fce9'
  },
  type: 'payment_intent.created'
}```

All test data

@worldly mason This is also what I pass, so thats weird to me

I think your code is messing with the raw body somewhere - we expect somethign more along the lines of this (notice the quotation marks):

{
  "id": "evt_3Nlc3bEHvOaf03g91BZv0Hwx",
  "object": "event",
  "api_version": "2023-08-16",
  "created": 1693592819,
  "data": {
...
}

What type would the payload have to be?

Do I have to stringify it maybe?

From our code we expect this to be a String or a uint8array (https://github.com/stripe/stripe-node/blob/86da21e351d876bca8bd80417db7938130ec9ad0/src/Webhooks.ts#L29)

I don't know if just stringify-ing it will do the trick

You lkely have some middleware that's affecting this

it's the payload = req.json()

for the secret, you must use the raw payload, not the parsed - the secret use steganography - in the non-coding spaces, breaks, etc

Thanks, how is that possible in NextJS?

just use the req directly, most likely

Same issue with that

...unless NextJS "helpfully" pre-parses it for you (I don't use Next.JS at the moment)

Is there some level of middleware before this step? you literally have to have the raw, unprocessed, unparsed body of the request for this to work

Yea in 98% of use-cases the parsing is helpful

Yes

import { createMiddlewareClient } from '@supabase/auth-helpers-nextjs'
import { NextResponse } from 'next/server'

import type { NextRequest } from 'next/server'

export async function middleware(req: NextRequest) {
  const res = NextResponse.next()

  // Create a Supabase client configured to use cookies
  const supabase = createMiddlewareClient({ req, res })

  // Refresh session if expired - required for Server Components
  // https://supabase.com/docs/guides/auth/auth-helpers/nextjs#managing-session-with-middleware
  //await supabase.auth.exchangeCodeForSession(req.nextUrl.searchParams.get('code')!)
  //console.log("🚀 ~ file: middleware.ts:15 ~ middleware ~ req.nextUrl:", req.nextUrl)
  await supabase.auth.getSession()

  return res
}

thats all tho

yes, it very much is - except Stripe is using the NON-parsing parts of the body to add in the encoded data

Seems like i need to turn my req (type of Request) to a Incoming message

That would fix it

found a blog post

possibly - not that I trust anything labeled "AI" (which are neither)

whatever the solution is, it needs to provide the raw, unfiltered, unprocessed original POST body - any form of parsing will remove the encoded secret

So the Uint8Array ?

Any way to do so from the array buffer?

The "request" object from the original http call. The other possibility is the endpoint secret (which you partially expose in the screenshot up there; delete it) for Test and Live transactions are not the same...

FIXED IT

This works apparently

Yea, thanks

This fixed it

Really hard to solve tho

Thanks for the help

there's some possibility that approach might be unstable, so if there's an easier "more raw" way to get the rawbody from NextJS without the various toString, etc I would trust it more

I will look deep into docs

This is for debugging only so should be fine till then

...and you really should delete that last screenshot