#gary_webhooks

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1291825286878462016

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

• gary_webhooks, 15 hours ago, 21 messages

const AWS = require('aws-sdk');

// Set the AWS region3
AWS.config.update({ region: 'us-east-2' });

// Create a Secrets Manager client
const secretsManager = new AWS.SecretsManager();

// Specify the secret name
const secretName = 'testSecretKeys';

// Retrieve the secret value
secretsManager.getSecretValue({ SecretId: secretName }, (err, data) => {
if (err) {
console.error(Error retrieving secret: ${err});
} else {
// Parse and use the secret data

secretData = JSON.parse(data.SecretString);
const stripeSKKey = secretData['skXXX'];
const stripePKKey = secretData['pkXXX'];
//const endpointSecret = 'whsec_XXX';
const endpointSecret = secretData['whepXXX'];
const stripe = require('stripe')(stripeSKKey);

const express = require('express');
const app = express();

app.post('/webhook', express.raw({type: 'application/json'}), (request, response) => {
let event = request.body;
// Only verify the event if you have an endpoint secret defined.
// Otherwise use the basic event deserialized with JSON.parse
if (endpointSecret) {
// Get the signature sent by Stripe
const signature = request.headers['stripe-sig'];
try {
event = stripe.webhooks.constructEvent(
request.body,
signature,
endpointSecret
);
} catch (err) {
console.log(⚠️ Webhook signature verification failed., err.message);
return response.sendStatus(400);
}

Hi there

hello thanks for the help

I don't see anything obvious 🤔

Signature issues are tricky to debug in general

it works if I uncomment this line and use the non-secured webhook secret just not the AWS Secrets Manager one... //const endpointSecret = 'whsec_XXX';

I see, okay

Perhaps this line is doing something strange to the secret?
secretData = JSON.parse(data.SecretString);

I'm guessing I should secure this endpoint secret so its not exposed to hackers

We also have some general recommendations here for resolving signature errors: https://docs.stripe.com/webhooks/signature

Any recommendations on code to secure the Webhook endpointSecret if AWS Secrets Manager isn't going to work?

I'm pretty sure AWS Secrets Manager should work here

The solution described here looks relevant: https://github.com/stripe/stripe-node/issues/356

This guthub appears to be all based on AWS Lambda and I'm not sure it applies to my AWS EC2 Linux, Node.JS code

Got it. Give me a few minutes, I'll need to loop in a teammate

Have you tried logging const endpointSecret = secretData['whepXXX']; just for test purposes?

That's step 1