#c6llb

Hello! We'll be with you shortly. Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

• c6llb, 8 minutes ago, 45 messages
• c6llb, 7 hours ago, 19 messages

What's your question

app.use((req, res, next) => {
if (req.path === '/api/v1/orders') console.log(req);
next();
});

The signature passed by the test env for checkout complete webhook is not correct

and this middleware logs the request

which have the header stripe-signature

and it is like this:
t=NUMBER,v1=NUMBER,v0=NUMBER

And none of these starts with whsec

so none of these is actually a signature, and there is no middlewares before this middleware who logged the stripe-signature header

what would be the problem?

I don't understand the problem

Webhook secret isn't sent in the request ever...

You store webhook secret in an env variable and verify the signature with that

i meant the signature

You won't get it in a request

so the request can be verified

That's expected

so thats the normal header?

yes

https://stripe.com/docs/webhooks#verify-manually

But not recommended to verify manually ^

Recommended to use our libraries:
https://stripe.com/docs/webhooks#verify-official-libraries

exports.saveOrder = catchAsync(async (req, res, next) => {
const payload = req.body;
const sig = req.headers['stripe-signature'];
console.log(sig);

try {
const event = stripe.webhooks.constructEvent(
JSON.stringify(payload),
sig,
process.env.STRIPE_WEBHOOK.trim()
);
} catch (e) {
// console.log('fail');
// console.log(e.message);
return res.status(400).json({});
}

res.status(204).json({});
});

yes, i'm using your libraries

and it displays the error:

fail
No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe? https://github.com/stripe/stripe-node#webhook-signing

fail
No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe? https://github.com/stripe/stripe-node#webhook-signing

fail
No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe? https://github.com/stripe/stripe-node#webhook-signing

fail
No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe? https://github.com/stripe/stripe-node#webhook-signing

each error is for some request
one for session.created, completed...etc

Does process.env.STRIPE_WEBHOOK.trim() start with wsec_?

yes

it is the webhook secret

Why do you pass JSON.stringify(payload),

I don't think it accepts a string

I think you need to pass a buffer from what I remember in node

Really I just recommend using our quickstart integration: https://stripe.com/docs/webhooks/quickstart?lang=node

And building on top of that

the previous helper said to me

still, not working

What's not working

What did you change

const event = stripe.webhooks.constructEvent(
payload,
sig,
process.env.STRIPE_WEBHOOK.trim()
);

Really I just recommend using our quickstart integration: https://stripe.com/docs/webhooks/quickstart?lang=node

And building off of that

Is there a reason you're not doing that?

I've already used it, and did some edits

Your snippet looks very different

Ok, I will try to copy-paste it

Signature verification issues are extremely common in Node because often folks install various middlewares that mess with the inbound request body. They can be hard to debug

That's why we generally recommend you explicitly download the above quickstart app and use that as a base

You can click the "download full app" button

thanks

Stripe is not even supported in Jordan😂

My whole work is gone

I will try to find another

thanks