#vikingviolinist - webhook

Hi! Debugging this can be tricky. Have you tried printing the request body, the signature, and the endpoint secret to double check if they are correct?

They all seem to be correct. Note that this is in local development. Do I have to do some additional steps in the dashboard?

What am I looking for on the webhook payload object?

Sorry for the delay. I need to step out, toby will help you soon.

Thanks anyway

Hi there 👋 webhook signature verification can definitely be a finicky process. Usually where this gives folks problems, is when the framework they're using modifies the request body behind the scenes.

Just to confirm, you're using one of our client libraries to construct the event, and that's what is returning the error you shared?

Thanks for your answer, toby. Correct, I'm using github.com/stripe/stripe-go/v72/webhook

Is it a bad idea to use v72 maybe?

I don't think so, that's our current major release version so that should be good.

Let's triple check a couple things. You're using the webhook signing secret that was generated when you used the stripe listen command, so that should be right.

When you're passing the header from the request, you're just pulling the Stripe-Signature header?

Gotcha, I was thrown off by the VerifySignature function at first, but I see now

The error triggers from the webhook.ConstructEvent call

Apologies as I'm not as familiar with Go, but my hunch is that the request body you're using isn't the raw one. Our example code for signature verification seems to go through more steps to get the raw body.

    req.Body = http.MaxBytesReader(w, req.Body, MaxBodyBytes)
    payload, err := ioutil.ReadAll(req.Body)
    if err != nil {
        fmt.Fprintf(os.Stderr, "Error reading request body: %v\n", err)
        w.WriteHeader(http.StatusServiceUnavailable)
        return
    }```
Though again, this may be a framework difference that I'm not familiar with.
https://stripe.com/docs/webhooks/signatures

Alright, will check that. Thank you!