#luis_webhooks-signature

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1273384438209839218

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

• luis_subscription-webhooks, 10 minutes ago, 117 messages

i saw the code on website, but im using type module

only part of code

is this

Can you try removing as string from your code in your try/catch block?

so it's just the unmutated sig variable?

unmutated ?

sig are the signatre on request header

i will try remove the as string

i have this error when remove 'as string':

Argument of type 'string | string[] | undefined' is not assignable to parameter of type 'string | string[] | Buffer'.
Type 'undefined' is not assignable to type 'string | string[] | Buffer'.

i have to put the api verison on 'new stripe'? like this const stripe = new Stripe(STRIPE_SECRET_KEY, { apiVersion: '2022-11-15' });

That's fine. This most likely isn't a versioning issue. Okay, so the header is being mutated upstream somewhere. I'm not sure what your code is doing to be honest.

Where is your route actually located? I see you're importing express and using Request and Response in your function, but I'm not sure what's actually going on behind the scenes.

Our docs recommend using express.raw({type: 'application/json'}) so that you can get an unmutated signature, so is there a way you can implement that with your particular app structure?

im using like this:

const router = express.Router();
router.post("/api/asdgas3hs7nc2b", stripeController.paid);

i will try like this

router.post(
"/api/asdgas3hs7nc2b",
express.raw({ type: "application/json" }),
stripeController.paid
)

Yep, that might work

let me ask you

i got

same error

😫

What error specifically? Like, what's the exact error message and where are you receiving it?

response on webhook dashboard

400 bad request

Webhook Error: Webhook payload must be provided as a string or a Buffer (https://nodejs.org/api/buffer.html) instance representing the raw request body.Payload was provided as a parsed JavaScript object instead.
Signature verification is impossible without access to the original signed material.
Learn more about webhook signing and explore webhook integration examples for various frameworks at https://github.com/stripe/stripe-node#webhook-signing

Can you link me to the page in the dashboard you're looking at?

So some mutation is happening somewhere between when the webhook reaches the endpoint and the block in your handler that constructs the event. Are you able to refactor the endpoint without exporting the stripeController function and work backwards from there? Like, can you create your route like this, just to have an example of something that's working?

`app.post('/webhook', express.raw({type: 'application/json'}), (request, response) => {

const sig = request.headers['Stripe-Signature'];

let event;

try {
event = stripe.webhooks.constructEvent(request.body, sig, endpointSecret);
}
catch (err) {
response.status(400).send(Webhook Error: ${err.message});
}`

im exporting the function/controller

and use router

and using server.ts

I know, but do you have to do that? My hunch is that the extra step of exporting the function is causing the mutation somehow, so having a simple webhook handler in server.ts to ensure it's working could validate that

You can always work through exporting the function, such that the raw request is being used, but we don't know if your router is the culprit or if it's something else

if is use this code you give, Do you know if there could be a big error and the server crashes?

I'm not sure. I don't know how your system is designed. Are you trying to fix this on a production server without testing first?

i cant test using yours webhook on production

i think i will verify another type

verify-manually

You should really be creating a test webhook endpoint with a non-live copy of your production server. Building new functionality in production is risky

i can test but localhost

do you have the code of verify-manually?

What do you mean by "verify manually"?

https://docs.stripe.com/webhooks?verify=verify-manually#verify-manually

I would not recommend verifying manually if you can't get the SDK to work. This route is wayyyyy more complicated and will likely send you down a rabbit hole that you don't want to go down