pavlos_webhooks | Stripe Developers | Page 1

bronze rainBOT May 22, 2024, 6:02 PM

#

paper crowBOT May 22, 2024, 6:02 PM

#

Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

pavlos_webhooks, 21 hours ago, 28 messages

bronze rainBOT May 22, 2024, 6:02 PM

#

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1242900490094776464

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

short thicket May 22, 2024, 6:06 PM

#

The most common reason for this error is you're not actually getting the raw request when checking the webhook signature. Often it's because the middleware modifies/mutates the raw data of the request. You might want to step through your code and make sure you can log the raw request and (once you can) make sure that the variables in your webhook handler are only using the raw request

slender valve May 22, 2024, 6:07 PM

#

I see, so you believe the most likely case is that some middleware we have implemented is altering the request?

#

it works locally, but not on our staging environment, so I will have to ask our platform team

short thicket May 22, 2024, 6:11 PM

#

Hmmmm, does your staging environment use live mode API keys? Or does it use the same test mode API key that you're using locally?

slender valve May 22, 2024, 6:11 PM

#

same test mode key

short thicket May 22, 2024, 6:12 PM

#

Ah, okay. But you're using a different webhook secret via endpoint_secret right? Each webhook endpoint has a different signing secret that it uses to do signature verification

slender valve May 22, 2024, 6:12 PM

#

and I can confirm the event is associated with the test webhook

#

correct

#

#

it is the signing secret in test mode I am using

short thicket May 22, 2024, 6:13 PM

#

So if you go to the Stripe Dashboard and reveal the signing secret for the webhook endpoint you set up for your staging environment, you can confirm that the secret there is the same as the one you're using in your code?

slender valve May 22, 2024, 6:13 PM

#

correct

short thicket May 22, 2024, 6:14 PM

#

Okay, so in that case, the most likely culprit is that the middleware is mutating the request in some way and you're not actually using the raw HTTP request in your code

slender valve May 22, 2024, 6:15 PM

#

ok thank you, I will ask our platform team to look into both scenerios

short thicket May 22, 2024, 6:22 PM

#

Sure thing! Let us know if they need any assistance

#pavlos_webhooks