👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1283720267104915497

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

• vlad_webhooks, 1 day ago, 31 messages

For both event, your webhook endpoint responded successfully (200)

Yes

So I assume there is no signature issue then ?

it's an automated message from API Gateway

Yes, there is

I'm not sure I'm following here. What is the issue you are facing ? can you share more details/Stacktrace ?

Error processing message: The expected signature was not found in the Stripe-Signature header. Make sure you're using the correct webhook secret (whsec_) and confirm the incoming request came from Stripe.

💁 What you can share safely

This is a public server. Anyone can see the messages posted here, so you need to be careful when sharing certain information.

🛑 Not safe to share

Do not share anything sensitive or privileged on Discord, including the following:

• 🛑 Secret API keys (most Stripe secret API keys start with sk_, rk_, or ek_)
• 🛑 Secrets (examples include Stripe's client secrets, which contain _secret_, and Stripe's webhook signing secrets, which start with whsec_)
• 🛑 Passwords, keys, or other login/authentication details
• 🛑 Information about non-public features or functionality

If you don't want something public, don't share it here.

✅ Safe to share

Stripe object IDs are safe to share in public, and are often required to help us investigate and debug issues. Some examples of IDs you can share safely are:

• ✅ Customer IDs (cus_)
• ✅ Checkout Session IDs (cs_)
• ✅ Subscription IDs (sub_)
• ✅ Invoice IDs (in_)
• ✅ Setup Intent IDs (seti_)
• ✅ Payment Intent IDs (pi_)
• ✅ Charge IDs (ch_ and py_)
• ✅ Request IDs (req_)

This list isn't comprehensive; there are too many Stripe object IDs and prefixes to list that are safe to share publicly.

If in doubt, ask someone on this server with the Stripe Staff role if a particular piece of information is safe to share before you share it.

Please delete your webhook secret and never share it

sorry for that

No worries, it's for your privacy!

Error processing message: The expected signature was not found in the Stripe-Signature header. Make sure you're using the correct webhook secret

What is the difference for the two events regarding this ?

There must be something changed in your integration between the two events

I was thinking to ask you that 🙂

There is no difference

We need more details here to narrow this.

have you tried to run some tests in your local env and debug your code ?

You can use Stripe cli to trigger some test events and consume them locally via stripe listen

what is the difference between setup_intent and charge events?

Yes, I got the same result

For webhook signature point of view, there is no differnce

Is there any settings that I need to check?

Try to pull this quickstart and create a fresh/separate project and consume both events:
https://docs.stripe.com/webhooks/quickstart
And double check if you have the signature failure.

Nope