#c6llb

Hello! We'll be with you shortly. Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

• c6llb, 6 hours ago, 19 messages

nope, another problem

Are you passing your Webhook Secret (it would look like this --> whsec_abc2123) in order to check the signature against it?

These are the docs I would follow if you aren't already: https://stripe.com/docs/webhooks#verify-official-libraries

yup

i'm

??

No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe? https://github.com/stripe/stripe-node#webhook-signing
fail
No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe? https://github.com/stripe/stripe-node#webhook-signing
fail
No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe? https://github.com/stripe/stripe-node#webhook-signing
fail
No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe? https://github.com/stripe/stripe-node#webhook-signing

Still, 4 errors, on each request

This error typically means that the webhook signature you passed is not correct. You need to confirm that you're not tampering it and using the raw string.

You can't parse this, this might be helpful: https://stackoverflow.com/questions/53899365/stripe-error-no-signatures-found-matching-the-expected-signature-for-payload

Like musn't I parse the body?

so JSON

That is correct, it needs to be raw to match the exact webhook signature.

exports.saveOrder = catchAsync(async (req, res, next) => {
const payload = req.body;
const sig = req.headers['stripe-signature'];

try {
const event = stripe.webhooks.constructEvent(
JSON.stringify(payload),
sig,
process.env.STRIPE_WEBHOOK.trim()
);
} catch (e) {
console.log('fail');
console.log(e.message);
return res.status(400).json({});
}

res.status(204).json({});
});

Still not working

I don't know if this note is important or not, but i'm in test mode

It does not matter if it's test mode or not

then why is the error

I'm sure that the secret is correct, i've logged it

and made sure

Do you have any plugins that maybe be tampering with it? If you pass the webhook signature manually const sig does it work?

t=NIMBER,v1=NUMBER,v0=NUMBER

This is what the header stripe-signature looks like

is it good? like it haves some commas

Hmm, that does not look light. It will be located in your Dashboard: https://dashboard.stripe.com/test/webhooks and it starts with whsec_.

You'd want to manually copy and paste that on the signature above.

I did not understand

i have the webhook signing secret

correct

this is the stripe-signature header

Under const sig, you'd want to paste that signature: https://stripe.com/docs/webhooks#verify-official-libraries and see if it's working.

I can't understand

do you meen by signature the whsec?

Yes, exactly

how? like as what?

must i declare the sig variable as the whsec?

it worked

but this is not safe

that will make anyone can ping the /orders

then he can make an order without even paying

So great! That means that something on your end is tampering with the raw webhook secret

ok, so that was only for debugging

So you'd want to debug this on your end and ensure that wsec_ is raw

yes

yes