#DiegoRX-webhook-signature

What does your code for getting the raw body look like? Are you using any middleware like body parser that could be modifying the request body?

async function buffer(readable) {
const chunks = [];
for await (const chunk of readable) {
chunks.push(typeof chunk === 'string' ? Buffer.from(chunk) : chunk);
}
return Buffer.concat(chunks);
}

const webhookStripe = async (request, response) => {
const buff = await buffer(request)
const sig = request.headers['stripe-signature'];

let event;
let charge;
let dispute;
let refund;

console.log('raw body:'+getRawBody(request),)
try {
event = stripe.webhooks.constructEvent(getRawBody(request), sig, process.env.WEBHOOK_SECRET);
} catch (err) {
console.error(err)
response.status(400).send(Webhook Error: ${err.message});
return;
}

app.use((req, res, next) => {
if (req.originalUrl === '/webhook') {
next(); // Do nothing with the body because I need it in a raw state.
} else {
express.json()(req, res, next); // ONLY do express.json() if the received request is NOT a WebHook from Stripe.
}
});

router.post('/webhook', webhookStripe)

Those are my 3 files

I'd suggest tryingn this solution out and see if it works: https://github.com/stripe/stripe-node/issues/341#issuecomment-818708675

No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe? https://github.com/stripe/stripe-node#webhook-signing

sdame mistake

I have tried a lot of solutions, but I don't know why

May be do you have a meet service

It can be very tricky to get the raw body. Checking in to other possible solutions...

Can you clarify what you mean by "a meet service" there?

like google meets or zoom

videoconference

sure it is

may be do you have any other implementation of the code?

Gotcha. Unfortunately we don't do calls support from this server.

For Node, I don't know if we have an example for your specific config.

Also where is the getRawBody function from?

its an npm library

Gotcha. Can you link to it?

Not too familiar with Node but I did notice our sample specifies express.raw({type: 'application/json'} in the post definition
app.post('/webhook', express.raw({type: 'application/json'}), (request, response) => ...
Is there a reason it is not in your code?

Also, sometimes it can be the other parameters that are being passed in. I would double check that the webhook secret and signature are being populated as you expect

{"created":1326853478,"livemode":false,"id":"evt_00000000000000","type":"charge.succeeded","object":"event","request":null,"pending_webhooks":1,"api_version":"2020-08-27","data":{"object":{"id":"ch_00000000000000","object":"charge","amount":100,"amount_captured":0,"amount_refunded":0,"application":null,"application_fee":null,"application_fee_amount":null,"balance_transaction":"txn_00000000000000","billing_details":{"address":{"city":null,"country":null,"line1":null,"line2":null,"postal_code":null,"state":null},"email":null,"name":null,"phone":null},"calculated_statement_descriptor":null,"captured":false,"created":1640275073,"currency":"usd","customer":null,"description":"My First Test Charge (created for API docs)","disputed":false,"failure_code":null,"failure_message":null,"fraud_details":{},"invoice":null,"livemode":false,"metadata":{},"on_behalf_of":null,"order":null,"outcome":null,"paid":true,"payment_intent":null,"payment_method":"card_00000000000000","payment_method_details":{"card":{"brand":"visa","checks":{"address_line1_check":null,"address_postal_code_check":null,"cvc_check":"pass"},"country":"US","exp_month":8,"exp_year":2022,"fingerprint":"L8jOwuZolRDWnavI","funding":"credit","installments":null,"last4":"4242","network":"visa","three_d_secure":null,"wallet":null},"type":"card"},"receipt_email":null,"receipt_number":null,"receipt_url":"https://pay.stripe.com/receipts/acct_1Jgq9XLTTW4EZI3Z/ch_3K9tfxLTTW4EZI3Z0fKoII3c/rcpt_KpYnxmZlcIpsDA7x8CPnpeXMs6ZnH9t","refunded":false,"refunds":{"object":"list","data":[],"has_more":false,"url":"/v1/charges/ch_3K9tfxLTTW4EZI3Z0fKoII3c/refunds"},"review":null,"shipping":null,"source_transfer":null,"statement_descriptor":null,"statement_descriptor_suffix":null,"status":"succeeded","transfer_data":null,"transfer_group":null}}}

this is the code that iam paassing as rawBody

app.post('/webhook', express.raw({type: 'application/json'}), (request, response) => ...

I have tried with and without it

Good to know. That body looks like it could be correct but it is hard to tell. Our signature verification expects the exact same body that we made a hash of before sending to you, including white space and newlines, so I can't tell if that is the exact one from that message.

As a possible quick check, would you be able to run our sample code and see if it outputs the exact same body? https://stripe.com/docs/webhooks/quickstart

Like before I have written the raw body of that to a file and diffed that with what my own webhook code was doing to confirm if the bodies were exacty the same or not.