#ken-webhook-cli

Hello! We'll be with you shortly. Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

• kenehermitcoder, 5 hours ago, 17 messages
• kenehermitcoder, 3 days ago, 23 messages
• kenehermitcoder, 3 days ago, 39 messages
• kenehermitcoder, 4 days ago, 8 messages

Hi 👋 can you summarize your issue for me?

@pure birch I created a thread for you, let's chat here. Pasting your additional message for context:

I am trying to use the stripe.webhooks.constructEvent() method when a checkout session is completed but it doesn't seem to function as expected or as is shown in the documentation

Can you provide more specifis, what isn't working, are you encoutnering an error?

❌ Error message: Webhook payload must be provided as a string or a Buffer (https://nodejs.org/api/buffer.html) instance representing the raw request body.Payload was provided as a parsed JavaScript object instead.
Signature verification is impossible without access to the original signed material.

Hello?

Anyone there?

Sorry, the server is very busy right now, so it will take me some time to reply. The error is pretty explanatory there, you're payload is being serialized as a JSON object, but our function is expecting the raw unparsed body of the request, which should be either a string or a buffer, so we throw an error that we're not being provided the expected data structure.

You'll need to pass us a string or a buffer representing the raw payload of the request we make to your endpoint.

I don't understand your request. How can I convert an object to a string?

It shouldn't be converted to an object to begin with. You should disable/avoid whatever processing is trying to convert it to JSON.

Now, I am getting this: "❌ Error message: No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe?
".

And why does the webhook not wait for the transaction to be 'completed' before it is triggered?

That error indicates the hash value calculated by constructEvent does not align with the signature provided in the request's header. The most common reasons for that are:
1: the wrong signing secret is being used. Each webhook endpoint generates their own unique signing secret, and you will need to use that secret with the endpoint.
2: the request body has been manipulated before being passed to constructEvent. That function is very sensitive, even whitespace adjustments will cause it to fail.

What webhook Event type are you referring to?

I didn't touch the req body.

So start with triple checking the signing secret. Are you using an actual webhook endpoint for this testing, or the Stripe CLI?

What are expected args for the constructEvent?

I am using the local testing webhook secret.

So you're using the Stripe CLI to forward Events to your an endpoint on your local machine? If so, when you run the stripe listen command, the CLI should print a signing secret (string with a whsec_ prefix) to the console, does that value match the signing secret you're using in your code?

constructEvent is expecting the raw, unaltered body of the request, the signature from the request's stripe-signature header, and the endpoint signing secret.

Does the whsec change each time we run the command?

👋 hopping in here since toby will have to head out soon

No, I believe the whsec_ shouldn't change every single time (but it's always a good idea to double check that the value you're using matches)

Really based on the error message you're seeing the issue seemms more to do with the payload you're passing in, not the whsec_ webhook secret

Have you checked what the type of req.body is?

{
reqBody: {
id: 'evt_1OEfewLhCDDmT58KsvBONNG6',
object: 'event',
api_version: '2022-11-15',
created: 1700518178,
data: { object: [Object] },
livemode: false,
pending_webhooks: 2,
request: {
id: 'req_CRGQhzwnF3wSFS',
idempotency_key: 'stripe-node-retry-8fd4b0cb-0079-4366-b8bc-372ca11eae5d'
},
type: 'customer.created'
}
}

But do you know what the actually type of it is? Given the error you were getting before, it's likely not a String or Buffer like we're expecting

It is an object.

Yeah so that won't work - we expect a String or a Buffer

You either need to convert it, or find some other solution that gives you the raw body as a string

How do you do this conversion to string?

well let's back up a bit - are you using express?

Yes, I am.

Then you may have some luck looking at solutions that have worked for others here: https://github.com/stripe/stripe-node/issues/341

Seems like req.rawBody has worked for some other folks

Okay, thank you. I will check it out;I hope to find the help I need there.

But also, why does Stripe call the webhook each time I do something even when I do not need it to?

Do you have your webhook configured to listen for all events?

I only need it to listen for checkout session completed event.

Got it - if you're using the Stripe CLI during test for this, you can just listen to that specific event using the events flag like this:

stripe listen --events=checkout.session.completed

How can I configure it on the dashboard instead

You have the option to select which events you want to listen to when you create your webhook through the dashboard

There is no option to select the checkout.session.completed

Where are you looking? Do you have a screenshot?

That's just a list of some example event types that'll work - it's not the complete list of every event. If you actually try doing stripe trigger checkout.session.completed it'll work

ken-webhook-cli

I am coming, please, hold on.

I implemented this: "app.use(express.json({
// Because Stripe needs the raw body, we compute it but only when hitting the Stripe callback URL.
verify: (req: any, res: Response, buf: any) => {
const url = req.originalUrl;
console.log({ url, buf })
if (url.startsWith('/api/v1/finance/verify-and-store-payment-details/stripe')) {
req.rawBody = buf.toString()
}
}
}));"

Yet I am getting this error: "Error message: No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe?
"

Hello?

@pure birch Are you using the right webhook endpoint secret? If you use the Stripe CLI it has its own separate secret.

How can I get it?

When you start the CLI in the terminal it's shown to you immediately

This error has been fixed.

Just one thing remaining.

Why does Stripe call the webhook even when I don't need it?

I don't really know what that means sorry

It calls starting from when I just call 'stripe.checkout.sessions.create' to opening the checkout link, etc, each time.

I'm sorry this is really vague with not much details. A WebhookEndpoint is called every time a specific Event type is being created on your account that the WebhookEndpoint listens for. Lots of Events happen during Checkout and that's likely what's happening? I'm wildly guessing though here.
As a developer, you can log the Events your get, their type their content, etc. and debug this easily

Thanks.

sure thing!