#donna-j_webhooks

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1435034890847522916

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

👋 just reading over your question

Can you share the code you are using to process webhook events?

I'm guessing you've already looked over

https://docs.stripe.com/webhooks#webhook-endpoint-def

sure..

This is the code..we use for webhooks events.

Yes, I did use the docs,. It looks like I have all the changes required to complete the setup. Would there be any issue with the api version..?

Can you confirm the requests triggering the events are being made by keys from the same account associated with the webhook secret you are using?

API differences might change what fields are available but shouldn't impede signature recognition.

usually this error is a wh_signature mismatch

middleware is another common culprit here

Got it.. My keys are :STRIPE_SECRET_KEY, STRIPE_PUBLISHABLE_KEY are the ones in the dashboard.

for the same sandbox account?

STRIPE_WEBHOOK_SECRET is the one which we are using in webhooks signing key..

yes..for the sandbox..

We have configured the same in cloud run as well.

Will the STRIPE_WEBHOOK_SECRET have t,v1,v0 in it?

I dont see anything like that..

This is my endpoint url:https://neighbor-drop-backend-358030798717.us-central1.run.app/api/stripe/webhook

Are you referring to the stripe-signature header?

yes..

then yes. that is expected

In the debug console, the errorwe get is: Webhook signature verification failed: No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe?
webhook.ts:42
If a webhook request is being forwarded by a third-party tool, ensure that the exact request body, including JSON formatting and new line style, is preserved.
webhook

the webhook secret is a randomized string starting with whsec_ just making sure we are referring to the same thing

Could you also share the sandbox account id?

and an example request id that you are hoping to retrieve the Webhook event for

Our account id is acct_1RihFZI86rya3YLl

the is our user account id:acct_1SOJDRETItnpyqT5 that we are hoping to get updated via webhooks..

Does our code shared looks different?

this the Destination ID:
we_1SPTuGIq2bf80JUVkDNw7nnZ

It looks like that webhook endpoint is associated with acct_1RihFjIq2bf80JUV

is that the account you are getting your wh_sec from? Every sandbox will have it's own set of keys/wh_secrets

Got your point. Webhook should be configured for acct_1RihFZI86rya3YLl, this is the sandbox.

Just wondering should I not configure it in Stripe dashboard?

We have this code which I shared in our app and I believe we configured the endpoint to stripe webhook assuming it would be for the sandbox as whole.

Sorry if i'm being redundant just want to make sure i'm being clear.

we_1SPTuGIq2bf80JUVkDNw7nnZ will only receive events triggered with sandbox keys for acct_1RihFjIq2bf80JUVand can only be verified by the wh_secret for acct_1RihFjIq2bf80JUV(sandbox). Every sandbox has it's own set of endpoints, it's own secrets, and they will only work for events originating from keys for that specific sandbox.

To help me ensure all is in alignment, can you share the exact dashboard URL where that screenshot was taken from.

sure... no problem. the account acct_1RihFjIq2bf80JUV is app owners account and this is where we need the webhook setup done.

https://dashboard.stripe.com/acct_1RihFjIq2bf80JUV/test/workbench/webhooks/we_1SPTuGIq2bf80JUVkDNw7nnZ

this is the url..

the screenshot url is:https://dashboard.stripe.com/acct_1RihFjIq2bf80JUV/test/workbench/webhooks

Thanks for confirming.

Sorry to go in circles there, we just often go deeper into these webhook hook issues only to usually fall back to the same two issues, key misalignment or middlware

So it's usually beneficial to be extra careful to have that sorted before digging deeper

i'm trying to reproduce on my end

No problem at all. Just wanted to figure out what went wrong at our end.. So the setup looks fine?

at a glance nothing stands out, having to look over it closer and try and repro

i'm wondering if this is some middleware issue on your severs local environment. I'm basically using your code verbatim with the exception of the endpoint url and it's working on my end.

Hm..I did read about the middleware issue.. so we are invoking it like this above all.// Setup Stripe webhook (must be before bodyParser for raw body)
setupStripeWebhook(app);

Is there a way to find out more about the middleware issue.

Often dumping the request body is a good starting point? How are you hosting the server?

We are using Cloud Run.

We are not doing anything explicitly for webhooks in cloud run.

Once the code deployed.. so we have the endpoint as : https://neighbor-drop-backend-358030798717.us-central1.run.app/api/stripe/webhook

Ideally, Stripe should access this with their payload/request..

some times the request gets modified on the way in, i'm digging to see if there are any known hurdles when using cloud run to recieve webhook events

I did check the logs in cloud run: POST400638 B8 msStripe/1.0 (+https://stripe.com/docs/webhooks) https://neighbor-drop-backend-358030798717.us-central1.run.app/api/stripe/webhook

{
httpRequest: {10}
insertId: "6908e57f000998ca39adb00a"
labels: {1}
logName: "projects/neigbordrop-mvp/logs/run.googleapis.com%2Frequests"
receiveTimestamp: "2025-11-03T17:25:19.635291800Z"
resource: {2}
severity: "WARNING"
spanId: "eeb092871cb6f022"
timestamp: "2025-11-03T17:25:19.610543Z"
trace: "projects/neigbordrop-mvp/traces/a283e3d22a534e966a4b927397b47085"
traceSampled: true
}

what would a 400 status code suggest in stripe? these are the logs from Cloud run.

Hi! I am stepping in for my colleague. Give me a moment to catch up.

sure no proble. Tnaks again for the support.

httpRequest: {14}
insertId: "6908e971000f1e95c376f39d"
labels: {1}
logName: "projects/neigbordrop-mvp/logs/run.googleapis.com%2Frequests"
payload: "payloadNotSet"
receiveLocation: "us-central1"
receiveTimestamp: "2025-11-03T17:42:10.077070895Z"
resource: {2}
severity: "WARNING"
spanId: "72f23781393449e8"
timestamp: "2025-11-03T17:42:09.980725Z"
trace: "projects/neigbordrop-mvp/traces/f774b2a7f79f4f025a60b3843c256fbf"
traceSampled: false
}--I did see another log like this in cloud run. It seems payloadNotSet.