#pilou_webhooks
untold mesaBOT
Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.
- pilou_api, 1 day ago, 12 messages
worthy zenithBOT
đ Welcome to your new thread!
â˛ď¸ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.
âąď¸ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.
đ This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1245331182619594793
đ Have more to share? Add more details, code, screenshots, videos, etc. below.
rocky basin
Hi
You need to use the raw body
Don't use any parser middelware that could change the format of the request body
dapper siren
even with the raw body i have the issue :
const sig = request.headers['stripe-signature'];
const raw = request.body;
let event;
try {
event = stripe.webhooks.constructEvent(raw, sig, variables.STRIPE_WEBHOOK_SECRET);
console.log(event)
} catch (err) {
console.log(err)
console.log(`â ď¸ Webhook signature verification failed.`);
return;
}
here is a complete example:
https://github.com/stripe/stripe-node/blob/master/examples/webhook-signing/express/main.ts#L23
You have a middelware in your Express App? json, compress ?
dapper siren
I use fastify
rocky basin
Do you have a middelware that is updating/parses the request body?
dapper siren
Nope
rocky basin
No there must be something. In general when you have webhook signature verification failure, you need to double check two things:
- request body raw was updated/changed
- Using wrong webhook/api secret
dapper siren
Using wrong webhook/api secret : I'm sure about it because i use stripe CLI listener
request body raw was updated/changed : I have just that :
fastify.register(stripeRoutes, { prefix: '/stripe' });
fastify.post('/webhook', stripeController.webhookStripe);
export async function webhookStripe(request, reply) {
const sig = request.headers['stripe-signature'];
const raw = request.body;
let event;
try {
event = stripe.webhooks.constructEvent(raw, sig, variables.STRIPE_WEBHOOK_SECRET);
console.log(event)
} catch (err) {
console.log(err)
console.log(`â ď¸ Webhook signature verification failed.`);
return;
}
reply.send({ received: true });
}
What about the global scope/config of your fastly instance ?
Sorry, I don't know much about Fastly... but there must be something changing the request body if you are using the correct webhook secret.
dapper siren
Here are somes register about fastify :
const fastify = Fastify({
// logger: true
});
fastify.register(FastifyFavicon, {
path: 'public/',
name: 'favicon.ico',
});
fastify.register(fastifyMultipart, {
limits: {
fileSize: 100000000, // For multipart forms, the max file size in bytes
files: 1, // Max number of file fields
}
});
// Allow to throttle the request and respond
await fastify.register(fastifyThrottle);
fastify.register(cors, {
origin: '*',
methods: ['GET', 'PUT', 'POST', 'DELETE'],
allowedHeaders: ['Content-Type, Authorization']
});
Unfortunately, we don't have a example of Fastly, but you can try one of these examples:
https://github.com/stripe/stripe-node/tree/master/examples/webhook-signing
dapper siren
Unfortunately, we don't have a example of Fastly, but you can try one of these e...
Yes I can't find any example
rocky basin
Try to reach out to the community of that framework and double check if there is a built in parser/middelware that updates the request body...