#rc9999999-signature-verification


peak heath
#

Hi there 👋 have you made sure that when you parse the webhook body that the framework you're using isn't manipulating it?

hollow hornet
#

How can I check this?

peak heath
#

Hi there 👋 have you made sure that your framework isn't manipulating the body when you consume req.body?

hollow hornet
#

The req.body looks like the full, complete object I should be getting

#

The error is No signatures found matching the expected signature for payload.

But I can console.log the signature?

peak heath
#

That error indicates that the signature calculated doesn't match the one that it was expected to. I ran into a problem when I was doing this in a test account where my Express environment was altering the body in an attempt to be helpful. I had to end up reading from the buffer instead to bypass that.

hollow hornet
#

Server

```
app.use(express.json());
app.use(express.urlencoded({ extended: true }));
app.use(cookieParser());
```

Routes

```
app.use(express.json());
```

hollow hornet
#

But I'm requesting the raw object:

```
router.post(
  "/webhook",
  express.raw({ type: "application/json" }),
  WebhookSubscription
);
```

peak heath
#

Can you paste the body here?

hollow hornet
#
  id: 'xxxxxxxxxxxxxx',
  object: 'event',
  api_version: '2020-08-27',
  created: 1642601143,
  data: {
    object: {
      id: 'xxxxxxxxxxxxxx',
      object: 'invoice',
      account_country: 'GB',
      account_name: 'Sesame',
      account_tax_ids: null,
      amount_due: 2000,
      amount_paid: 2000,
      amount_remaining: 0,
      application_fee_amount: null,
      attempt_count: 1,
      attempted: true,
      auto_advance: false,
      automatic_tax: [Object],
      billing_reason: 'subscription_create',
      charge: 'xxxxxxxxxxxxxx',
      collection_method: 'charge_automatically',
      created: 1642601141,
      currency: 'usd',
      custom_fields: null,
      customer: 'xxxxxxxxxxxxxx',
      customer_address: null,
      customer_email: null,
      customer_name: null,
      customer_phone: null,
      customer_shipping: null,
      customer_tax_exempt: 'none',
      customer_tax_ids: [],
      default_payment_method: null,
#
      default_source: null,
      default_tax_rates: [],
      description: null,
      discount: null,
      discounts: [],
      due_date: null,
      ending_balance: 0,
      footer: null,
      hosted_invoice_url: 'https://invoice.stripe.comxxxxxxxxxxxxxx',
      invoice_pdf: 'https://pay.stripe.com/invoice/xxxxxxxxxxxxxx',
      last_finalization_error: null,
      lines: [Object],
      livemode: false,
      metadata: {},
      next_payment_attempt: null,
      number: 'xxxxxxxxxxxxxx',
      on_behalf_of: null,
      paid: true,
      paid_out_of_band: false,
      payment_intent: 'xxxxxxxxxxxxxx',
      payment_settings: [Object],
      period_end: 1642601141,
      period_start: 1642601141,
      post_payment_credit_notes_amount: 0,
      pre_payment_credit_notes_amount: 0,
      quote: null,
      receipt_number: null,
      starting_balance: 0,
      statement_descriptor: null,
      status: 'paid',
      status_transitions: [Object],
      subscription: 'xxxxxxxxxxxxxx',
      subtotal: 2000,
      tax: null,
      total: 2000,
      total_discount_amounts: [],
      total_tax_amounts: [],
      transfer_data: null,
      webhooks_delivered_at: null
    }
  },
  livemode: false,
  pending_webhooks: 1,
  request: {
    id: 'xxxxxxxxxxxxxx',
    idempotency_key: 'xxxxxxxxxxxxxx'
  },
  type: 'invoice.payment_succeeded'
}
#

I had to split it into two messages

peak heath
#

Yeah, so there's whitespace there that wouldn't be in the raw body. Here is what I did in my express app to get the raw body:


```
app.use(bodyParser.json({
  verify: (req, res, buf) => {
    req.rawBody = buf
  }
}));
```

Then I consume `req.rawBody` when doing the verification.
hollow hornet
#

bodyParser is deprecated, isn't it?

peak heath
#

I'm not certain

peak heath
#

I need to step away so I'm going to archive this thread. If you need help with anything else please ask in #dev-help or contact Stripe Support: https://support.stripe.com/contact