harshit_webhooks | Stripe Developers | Page 1

tender zenithBOT Jan 8, 2026, 10:00 AM

#

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1458762381080662030

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

#

tall tapir Jan 8, 2026, 10:06 AM

#

hi there!

#

can you share the webhook endpoint ID you are using (we_xxx), and the last 4 characters of the webhook secret you are using in your code?

jade depot Jan 8, 2026, 10:12 AM

#

we_1SmZe1CkhLwmVIDWByJF9OaC
secret - sZ6v

tall tapir Jan 8, 2026, 10:15 AM

#

thanks, checking

#

yes, that looks correct.

#

next, can you log the raw payload you get from Stripe? to see if it's indeed the raw payload, or if it was modified by your code/framework.

jade depot Jan 8, 2026, 10:27 AM

#

yes sure, sharing with you - in the doc example they ask for raw - in the solution thready - they are again stringifying it

tall tapir Jan 8, 2026, 10:33 AM

#

so you get a stringified payload?

jade depot Jan 8, 2026, 10:34 AM

#

#

content after 'stripe body buffer' is the raw one

#

content above it is its stringified version - which I stringified for logging purpose

#

not able to copy the buffer properly that's why sended SS

tall tapir Jan 8, 2026, 10:35 AM

#

can you share the code of your webhook endpoint?

jade depot Jan 8, 2026, 10:36 AM

#

keys are there in code - should I send it over here?

tall tapir Jan 8, 2026, 10:39 AM

#

please remove the secret keys when sharing your code

#

this is a public channel.

jade depot Jan 8, 2026, 10:41 AM

#

function(req,res,next) {

console.log('stripe body string',req.body.toString())
console.log('stripe body buffer',req.body)

const stripe = require('stripe')('stripe-key');
const endpointSecret = "secret";
const signature = req.headers['stripe-signature'];

let event;

try {
    event = stripe.webhooks.constructEvent(req.body.toString(), signature, endpointSecret);
}
catch (err) {
    console.log(`Webhook Error: ${err}`);
}

console.log('event',event)

}

tall tapir Jan 8, 2026, 10:42 AM

#

stripe.webhooks.constructEvent(req.body.toString()
why toString? you need the raw body, so without any modification from your code/framework.

jade depot Jan 8, 2026, 10:43 AM

#

I tried both - they are failing

doc mentions raw payload
https://github.com/stripe/stripe-node/issues/341#issuecomment-304497470 - mentions stringified payload -

GitHub

Webhook signature verification and bodyParser.json issue · Issue #...

If you use in your express app bodyParser.json() for all routes, and then have a dedicated route for stripe's webhook, then the second call to bodyParser.json({verify: ...}) as done in the exam...

tall tapir Jan 8, 2026, 10:45 AM

#

got it. and in the example you shared they are using bodyParser.raw({type: '*/*'}). are you doing the same?

jade depot Jan 8, 2026, 10:45 AM

#

yes

#

just made another request with req.body only - still same error

#

I used this - .use(bodyParser.raw({type: '/'}))

then the above shared function with both stringified and not stringified version of req.body

tall tapir Jan 8, 2026, 10:59 AM

#

got it, it can be tricky to get to the raw payload. have you tried all solutions mentioned in the github link?

tender zenithBOT Jan 8, 2026, 10:59 AM

#

jade depot Jan 8, 2026, 11:06 AM

#

I tried - https://github.com/stripe/stripe-node/issues/341#issuecomment-304497470

#

let me try this - https://github.com/stripe/stripe-node/issues/341#issuecomment-304733080

jade depot Jan 8, 2026, 11:23 AM

#

tried this - (let me try this - https://github.com/stripe/stripe-node/issues/341#issuecomment-304733080)

#

its logging the body as stringified but its failing -

tardy bolt Jan 8, 2026, 11:28 AM

#

So what does your code look like now?

jade depot Jan 8, 2026, 11:36 AM

#

express.js
app.route('/stripehook').post(bodyParser.raw({ type: '/' }),homeApiController.stripeApiHandler,doApi,homeApiController.stripeResponse)
app.use(bodyParser.json());

homeApiController controller file
exports.stripeApiHandler = function(req,res,next) {

console.log('stripe body buffer',req.body)

const stripe = require("stripe")(config.stripeSecKey);
const endpointSecret = "whsec_..";

const signature = req.headers['stripe-signature'];

let event;

try {
    event = stripe.webhooks.constructEvent(req.body, signature, endpointSecret);
}
catch (err) {
    console.log(`Webhook Error: ${err}`);
}

console.log('event',event)

};

#

console.log('stripe body buffer',req.body) - in this case the buffer log was like in SS

tardy bolt Jan 8, 2026, 11:46 AM

#

Yeah, that looks reasonable to me. Does it work if you comment out the console.log()?

#

Did you try already with app.post('/webhook', express.raw({type: 'application/json'}), handler … like in the docs here?
https://docs.stripe.com/webhooks?lang=node#verify-webhook-signatures-with-official-libraries

jade depot Jan 8, 2026, 11:59 AM

#

yes - this was my first implementation

jade depot Jan 8, 2026, 12:00 PM

#

tardy bolt Yeah, that looks reasonable to me. Does it work if you comment out the `console....

can this cause error?

#

10 mins please sir - lunch

tall tapir Jan 8, 2026, 12:02 PM

#

the logs should have no impact on the call to constructEvent.

jade depot Jan 8, 2026, 12:27 PM

#

anything you found wrong with my code -

#

endpointSecret I verified, stripeSecKey is the sandbox account details: Secret Key

tall tapir Jan 8, 2026, 12:31 PM

#

not sure how to help sorry, you'll need to try all the suggestions in the github link, to find a way to get the raw body.

#harshit_webhooks