#teevee-webhook-signature

Hello! We'll be with you shortly. Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

• teevee_14010, 8 hours ago, 50 messages

Hi there 👋 for signature verification issues, the most common causes I see are that the signing secret is wrong or the payload is being adjusted before the signature verification is being performed.

Just to double check, you're not using the Stripe CLI to forward Events to your endpoint for testing currently?

No I am using smee.io to forward the webhook to my local machine

The payload being adjust before signature verification, I am a pretty novice coder, can I send you my webhook endpoint code block to see if this is occurring or not?

I'm not familiar with smee.io, but if it does any sort of payload manipulation you'll want to figure out how to disable that.

Are you working with Node by chance?

Yes node. smee.io just allows you to forward webhooks to your local server. It does not manipulate the data in anyway

Gotcha, on an Express server? The most common problem I see is that there some sort of parser running on inbound requests (typically trying to parse the data as JSON) that breaks our verification because that results in the payload being modified.

Yes Express server

this is in my code: router.use(bodyParser.raw({ type: 'application/json' }));

Is that the only bodyParser you have running?

Actually just go ahead and share your endpoint code. The server is pretty busy so it may take me a bit to look at it, but maybe something will jump out at me.

Ok thank you. Hopefully this goes through correctly.

Hm, I don't see constructEvent in there, how are you doing the signature verification?

The error about signature verification in the log statement seems to be pretty far from anything doing signature verification. Where exactly in that code is the error/exception starting?

teevee-webhook-signature

Sorry that was a testing block, here is the functional block of code

👋 I'm hopping in here to take a look - give me a minute to catch up

This is the server log response related to that webhook endpoint:

Received raw payload: {"id":"evt_3OblFDKqO403i8Jl13yiNkce","object":"event","api_version":"2023-10-16","created":1706021215,"data":{"object":{"id":"pi_3OblFDKqO403i8Jl1LJ80hav","object":"payment_intent","amount":2300,"amount_capturable":0,"amount_details":{"tip":{}},"amount_received":2300,"application":null,"application_fee_amount":null,"automatic_payment_methods":null,"canceled_at":null,"cancellation_reason":null,"capture_method":"automatic","client_secret":"pi_3OblFDKqO403i8Jl1LJ80hav_secret_93awap8Qf2iEx0Z4BKJdUm0tg","confirmation_method":"automatic","created":1706021191,"currency":"usd","customer":null,"description":null,"invoice":null,"last_payment_error":null,"latest_charge":"py_3OblFDKqO403i8Jl1cuoBu1X","livemode":false,"metadata":{},"next_action":null,"on_behalf_of":null,"payment_method":"pm_1OblFPKqO403i8Jl3co03sEf","payment_method_configuration_details":null,"payment_method_options":{"us_bank_account":{"mandate_options":{},"verification_method":"automatic"}},"payment_method_types":["us_bank_account"],"processing":null,"receipt_email":null,"review":null,"setup_future_usage":null,"shipping":null,"source":null,"statement_descriptor":null,"statement_descriptor_suffix":null,"status":"succeeded","transfer_data":null,"transfer_group":null}},"livemode":false,"pending_webhooks":1,"request":{"id":null,"idempotency_key":null},"type":"payment_intent.succeeded"}
Webhook Error: No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe?

Learn more about webhook signing and explore webhook integration examples for various frameworks at https://github.com/stripe/stripe-node#webhook-signing

POST http://localhost:3000/webhook - 400

If that's the raw payload you're working with it looks incorrect - the raw payload needs to be exactly the same as what we send you (so it's have spaces, new lines, etc.)

Ok, what do you think is causing the payload to be altered?

Have you looked at this github issue yet (https://github.com/stripe/stripe-node/issues/341) ? It has some suggestions for how others have handled this before

No I have not. Thank you for the resource

I reviewed the resource. i tried some of the suggestions but nothing is working for me. I am pretty new to backend coding so this may be beyond my current capabilities.

Which ones have you tried?

app.use(bodyParser.json({
// Because Stripe needs the raw body, we compute it but only when hitting the Stripe callback URL.
verify: function(req,res,buf) {
var url = req.originalUrl;
if (url.startsWith('/stripe-webhooks')) {
req.rawBody = buf.toString()
}
}}));

I got same server log after implementing this code to my server.js file and updating my webhook endpoint.

This one as well but I dont know that I implemented it correctly:

app.use(
bodyParser.json({
verify: function(req, res, buf) {
req.rawBody = buf;
}
})
);

Wait one second - when I look at the event evt_3OblFDKqO403i8Jl13yiNkce I see that it's getting back 200 success responses

Yes but my server is not able to verify any signatures or pull out the event type

The dashboard has always returned 200, my server log returns errors

To me it seems like the webhook is delivering the payload and my server receives it but it is not able to do anything or handle the data.

What do you mean by your dashboard always retrusn 200 but your server log returns errors? Is the code you're running on your server not the code that you shared earlier?

It is the same code

stripe dashboard returns 200

I'm not sure what you mean by that - the stripe dashboard wouldn't be returning a 200. If you're seeing a 200 for the event that means your server is the one returning the 200

Yes, my server returns 200 to the stripe dashboard, but my server log shows a 400 error and it console.log the raw payload but it states that the signature verification failed and it does not run any of the code related to the event.type

my server log:

Received raw payload: {"id":"evt_3OblFDKqO403i8Jl13yiNkce","object":"event","api_version":"2023-10-16","created":1706021215,"data":{"object":{"id":"pi_3OblFDKqO403i8Jl1LJ80hav","object":"payment_intent","amount":2300,"amount_capturable":0,"amount_details":{"tip":{}},"amount_received":2300,"application":null,"application_fee_amount":null,"automatic_payment_methods":null,"canceled_at":null,"cancellation_reason":null,"capture_method":"automatic","client_secret":"pi_3OblFDKqO403i8Jl1LJ80hav_secret_93awap8Qf2iEx0Z4BKJdUm0tg","confirmation_method":"automatic","created":1706021191,"currency":"usd","customer":null,"description":null,"invoice":null,"last_payment_error":null,"latest_charge":"py_3OblFDKqO403i8Jl1cuoBu1X","livemode":false,"metadata":{},"next_action":null,"on_behalf_of":null,"payment_method":"pm_1OblFPKqO403i8Jl3co03sEf","payment_method_configuration_details":null,"payment_method_options":{"us_bank_account":{"mandate_options":{},"verification_method":"automatic"}},"payment_method_types":["us_bank_account"],"processing":null,"receipt_email":null,"review":null,"setup_future_usage":null,"shipping":null,"source":null,"statement_descriptor":null,"statement_descriptor_suffix":null,"status":"succeeded","transfer_data":null,"transfer_group":null}},"livemode":false,"pending_webhooks":1,"request":{"id":null,"idempotency_key":null},"type":"payment_intent.succeeded"}
Webhook Error: No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe?

Learn more about webhook signing and explore webhook integration examples for various frameworks at https://github.com/stripe/stripe-node#webhook-signing

POST http://localhost:3000/webhook - 400

This is my event handler code, none of this is ran after my server receives the webhook payload:

// Handle the event
if (event.type === 'payment_intent.succeeded') {
const paymentIntent = event.data.object;
console.log('Payment Intent:', paymentIntent);

  const paymentMethodType = getPaymentMethodType(paymentIntent);
  console.log('Payment method type:', paymentMethodType);

  const userId = paymentIntent.metadata.userId;
  const total = paymentIntent.amount / 100; // Convert amount to dollars

  console.log('User ID:', userId);
  console.log('Total Amount:', total);

  let feePercentage;
  let feeAmount;

  if (paymentMethodType === 'us_bank_account') {
    // ACH payment: .8% fee
    feePercentage = 0.008;
    feeAmount = total * feePercentage;
  } else if (paymentMethodType === 'card') {
    // Card payment: 2.9% + 30 cents fee
    feePercentage = 0.029;
    feeAmount = 0.3 + total * feePercentage;
  }

  // Assuming total is accessible here
  const newBalance = total - feeAmount;

  // Update the user's account balance
  await updateUserBalance(userId, newBalance);

  // Respond to the webhook event
  res.json({ received: true });
}

} catch (error) {
console.error('Webhook Error:', error.message);
res.status(400).send(Webhook Error: ${error.message});
}
});

Hello! I'm taking over and catching up...

It's likely your middleware needs to be rearranged so the raw body is extracted first, before any other middleware runs. Can you make that change and try again?

Yes I will, but I am so sorry i have to sign off. Can I make those changes later and update?