#nerdsliceradyn

Hello! The payload cannot be changed, so that approach won't work. What part of your system is returning the 419?

payment_intent.succeeded

That's the Event type from Stripe. I'm asking you what part of your system, on your side, is returning a 419 HTTP status code when we attempt to deliver an Event to it?

I see what you're asking, its in controller. I have added the url to my middleware exclusion for csrf verification

Sounds like the exclusion isn't working?

I'm not very familiar with Laravel, but maybe it's this? https://stackoverflow.com/questions/46266553/why-does-the-laravel-api-return-a-419-status-code-on-post-and-put-methods

Thats what I thought but wanted to see if i had missed anything in integration as that is a much easier mess to clean up

It sounds like something with Laravel. 419 isn't an official HTTP status code, seems like Laravel is using it for the CSRF stuff.

Fixed that now getting No signatures found matching the expected signature for payload

That usually means you're either using the wrong Webhook Signing Secret, or that you're using a modified request body.

stripe = new \Stripe\StripeClient(env('STRIPE_KEY'));

    // This is your Stripe CLI webhook secret for testing your endpoint locally.
    $endpoint_secret = env('STRIPE_SECRET');

    $payload = @file_get_contents('php://input');
    $sig_header = $_SERVER['HTTP_STRIPE_SIGNATURE'];
    $event = null;

Verify the secret you're using is the correct one, and make sure you're passing te raw, unmodified request body when constructing the Event.

I see the issue, thank you

Well thought I did. I was using STRIPE_SECRET not STRIPE_WEBHOOK_SECRET

Are you using Stripe CLI and stripe listen or is this an actual Webhook Endpoint?

I had my test secret webhook in place. resolved now