#costantino_40687

Hi

But here, in the construct_event method i have a SignatureVerificationError with this message: "stripe.error.SignatureVerificationError: No signatures found matching the expected signature for payload"
In general, the main reasons behind getting “No signatures found matching the expected signature for payload” error are:

• Using a wrong webhook secret. I invite you to double check that you are using the correct webhook secret[1].
• The request rawbody is being changed[2]. Make sure that nothing is changing the request body of the webhook event body (e.g. compressor, json middlewares) in your integration.

[1] https://stripe.com/docs/webhooks#roll-endpoint-secrets
[2] https://stripe.com/docs/webhooks/signatures#:~:text=Stripe requires the raw body of the request to perform signature verification. If you’re using a framework%2C make sure it doesn’t manipulate the raw body. Any manipulation to the raw body of the request causes the verification to fail.

Hi @bright swift, regarding the webhook secret that's what i take from the webhook settings in the Developer Dashboard.

But for the changing of the request body is a mistery... becouse i'm sure the request body is not changed. I notice also that in the second link you send, the payload in retrive by:
"payload = request.body"
but in django request.body raise the following Exception :
django.http.request.RawPostDataException: You cannot access body after reading from request's data stream

I don't know much about Django honestly but it looks like it's updating the webhook body request in some part of your integration.

I don't think that this has a direct link with this but did you disabled csrf ?
https://stripe.com/docs/webhooks#csrf-protection

I'll try..