haletothewood-webhooks | Stripe Developers | Page 1

little mason Feb 7, 2022, 5:51 PM

#

hello! are you writing in Node?

grim moat Feb 7, 2022, 5:53 PM

#

Yes

little mason Feb 7, 2022, 5:55 PM

#

yeah so webhook signing verification is a common issue with Node, mostly comes down to some middleware in your web server modifying the raw body of the incoming webhook event.

grim moat Feb 7, 2022, 5:58 PM

#

But why would it be intermittent?

#

Some events are verified

little mason Feb 7, 2022, 6:12 PM

#

I don't know! but it would be something on your end in how your webhook event body parsing works, I've seen it very often with Node and there are suggestions in a Github Issue on the stripe-node repo https://github.com/stripe/stripe-node/issues/341

GitHub

Webhook signature verification and bodyParser.json issue · Issue #3...

If you use in your express app bodyParser.json() for all routes, and then have a dedicated route for stripe's webhook, then the second call to bodyParser.json({verify: ...}) as done in the ...

grim moat Feb 7, 2022, 6:14 PM

#

Thanks for sharing but unfortunately not one of those examples helps given our serverless implementation.

little mason Feb 7, 2022, 6:29 PM

#

yeah I am not sure what is exactly relevant to you or not but I would debug by logging out the raw body of the webhook event you're receiving and start there

proud forum Feb 7, 2022, 6:40 PM

#

👋 @grim moat just hopping in since @little mason has to hop out

#

Do you have a body mapping template set up already for Content-Type: application/json ? If not, you'll likely need to add one to specifically handle the raw body

grim moat Feb 7, 2022, 6:48 PM

#

Yes we do

proud forum Feb 7, 2022, 6:49 PM

#

Do you mind copy-pasting it here so I can see if anything stands out?

grim moat Feb 7, 2022, 6:50 PM

#

We have it declared in tf:

#

request_templates = {
"application/json" = "Action=SendMessage&MessageBody=$input.body&MessageAttribute.1.Name=stripe_signature&MessageAttribute.1.Value.DataType=String&MessageAttribute.1.Value.StringValue=$input.params().header.get("Stripe-Signature")"
}

#

This includes parsing the stripe signature header.

#

Also, just to say, thank you for your help. It OOO for us now so it may not be till am I can respond.

proud forum Feb 7, 2022, 6:54 PM

#

👍 that's fine - i'll leave some thoughts here and you can respond later. This thread may be closed, but you can always ask for it to be reopened

#

I'm expecting you need something like this:

{
  "method": "$context.httpMethod",
  "body": $input.json('$'),
  "rawBody": "$util.escapeJavaScript($input.body).replaceAll("\\'", "'")",
  "headers": {
    #foreach($param in $input.params().header.keySet())
    "$param": "$util.escapeJavaScript($input.params().header.get($param))"
    #if($foreach.hasNext),#end
    #end
  }
}

so that you can then use rawBody as the payload when you do signature verification

#haletothewood-webhooks