#antonio_webhook-signature

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1243230861571391498

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

@Controller("webhook-connect")
export class WebhookConnectController {
logger = new Logger(WebhookConnectController.name);

constructor(
    private readonly eventEmitter: EventEmitter2,
    @Inject(StripeToken) private readonly stripe: Stripe
) { }

@Post("")
async handleEvent(@Req() req: Request) {
    const sig = req.headers['stripe-signature'];
    console.log("Sign:", sig)
    let event;

    const rawBody = req["rawBody"];
    /* console.log("RawBody: ", rawBody) */
    try {
        event = this.stripe.webhooks.constructEvent(rawBody, sig, process.env.STRIPE_SECRET);
    } catch (err) {
        console.error(err);
        throw new HttpException(err.message, HttpStatus.BAD_REQUEST);
    }

    console.log("Event: ", event);

    if (event.type === "account.updated") {
        console.log("Analysis the updated account: ", event);
        const account = event.data.object as Stripe.Account;
        if (account.details_submitted) {
            const email = account.email;
            this.eventEmitter.emit("status_gateway_payment", { email });
        }
    }
}

}

The error message is as follows:

StripeSignatureVerificationError: No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe?
If a webhook request is being forwarded by a third-party tool, ensure that the exact request body, including JSON formatting and new line style, is preserved.

@cold dune the signature verification can be really painful unfortunately. The most common issues are

1. Using the wrong secret (the CLI has its own)
2. Not passing the raw payload you get (many frameworks see JSON and try to deserialize it which messes with the verification)

antonio_webhook-signature

I've resolved the second case as I perform raw data recovery

interesting for the first. When can i retrieve it?

the secret is in the console when you use stripe listen assuming you use the CLI to forward locally

Okay, i see. Please give me one minut to see this work well

okay, it works. Thank you very much