#akrabulislam

Hi there!

Hello

Getting a SignatureVerificationError is quite common. It usually comes from two potential errors:

• You are using the wrong webhook secret. So please double check you are using the correct one. It should look like whsec_xxx and match the one displayed in your dashboard
• The payload you pass in the constructEvent function is not the raw payload. So you need to ensure that you get the raw body of the HTTP request that Stripe sent you, without any interference by your code or framework in the middle.

To debug this you'll need to add logging to every value you pass to constructEvent (the payload, the secret, and the signature header) and then we can try to have a look at what part is wrong

Okay I am sharing the debug values of every step. Can you help me

Sure, just make sure you don't share your webhook secret in this public channel.

I am using developer keys

t=1694758274,v1=f2a45385b16e68404aec652819d6bbb92e4a4653f20950c7207c1c1511e9973f,v0=ccc32695e6276264676ba606

The stripe-signature looks like this

Do I share any other thing that you can understood what am I doing wrong

Can you share the first 5 characters of your webhook secret?

sure

whsec_

def get_account_info(self):
        """
        Get user's stripe account info.

        Args:
            email (str): User's email.

        Returns:
            dict: Response containing user's conversations or an error message.
        """

        event = None
        payload = request.data

        try:
            event = json.loads(payload)
        except:
            print('⚠️  Webhook error while parsing basic request.' + str(e))
            return jsonify(success=False)
        if endpoint_secret:
            # Only verify the event if there is an endpoint secret defined
            # Otherwise use the basic event deserialized with json
            sig_header = request.headers.get('stripe-signature')
            print('----------Signature Header--------------------')
            print(sig_header)
            print('----------Signature Header--------------------')
            try:
                event = stripe.Webhook.construct_event(
                    payload, sig_header, endpoint_secret
                )
            except stripe.error.SignatureVerificationError as e:
                print('⚠️  Webhook signature verification failed.' + str(e))
                return jsonify(success=False)

This is the code snippet

whsec_
And does it exactly match the one you see in your dashboard?

Yes, checked several times

they both are same

Got it. So by elimination this is the issue:

The payload you pass in the constructEvent function is not the raw payload.

Following the same code:- https://stripe.com/docs/webhooks/quickstart?lang=python

I am following the same implementation as from docs

Hi! I'm taking over from my colleague. Please, give me a moment to catch up.

Could you please share an example Event ID that fails

Actually its failed when trying to stripe.Webhook.construct_event

I followed the code from docs

suggested from support

https://stripe.com/docs/webhooks/quickstart?lang=python

I understand, but still, could you please share an example Event ID?

I believe the issue has to do with the rest of your application.

There might be HTTP middleware the parses the request body.

I am not familiar with event ID as I am new to stripe. But using customer.subscription.updated. Here is the code snippet.

def get_account_info(self):
        """
        Get user's stripe account info.

        Args:
            email (str): User's email.

        Returns:
            dict: Response containing user's conversations or an error message.
        """

        event = None
        payload = request.data

        try:
            event = json.loads(payload)
        except:
            print('⚠️  Webhook error while parsing basic request.' + str(e))
            return jsonify(success=False)
        if endpoint_secret:
            # Only verify the event if there is an endpoint secret defined
            # Otherwise use the basic event deserialized with json
            sig_header = request.headers.get('stripe-signature')
            print('----------Signature Header--------------------')
            print(sig_header)
            print('----------Signature Header--------------------')
            try:
                event = stripe.Webhook.construct_event(
                    payload, sig_header, endpoint_secret
                )
            except stripe.error.SignatureVerificationError as e:
                print('⚠️  Webhook signature verification failed.' + str(e))
                return jsonify(success=False)

        # Handle the event
        if event['type'] == 'customer.subscription.updated':
            customer = event['data']['object']
            customer_id = event['data']['object']['customer']
            customer_info = stripe.Customer.retrieve(customer_id)
            customer_email = customer_info.email
            print("=====Customer info for email")
            print(customer_info)
            print("*****Subscription data")
            print(customer)

An event object that produces a webhook notification has an ID.

You can find it in your Dashboard: https://dashboard.stripe.com/test/events

Okay thanks let me check