krisgardiner - webhook signature verification | Stripe Developers | Page 1

tranquil pasture Apr 1, 2022, 2:43 PM

#

Hello, can you send me the snippet of your code where you are trying to verify the signature?

drifting heart Apr 1, 2022, 2:44 PM

#

webhooksRouter.post("/stripe", (req, res) => {
  const sig = req.headers["stripe-signature"] as string;

  if (!sig) {
    return res.sendStatus(400);
  }

  let event: Stripe.Event;

  try {
    event = stripe.webhooks.constructEvent(
      req.body,
      sig,
      process.env.STRIPE_WEBHOOK_SECRET || ""
    );

  } catch (err) {
    const error = err as Error;
    return res.status(400).send(`Webhook Error: ${error.message}`);
  }

tranquil pasture Apr 1, 2022, 2:45 PM

#

Thank you. Looking in to this. Getting the raw body can be tough

#

Have you double checked that process.env.STRIPE_WEBHOOK_SECRET is being read properly?

drifting heart Apr 1, 2022, 2:45 PM

#

yes

tranquil pasture Apr 1, 2022, 2:46 PM

#

And is in the same live/test mode as your events?

drifting heart Apr 1, 2022, 2:46 PM

#

yes I believe so

#

n/m found issue.
bodyParser.json() is not the same as
express.raw({ type: "application/json" })

#

thanks for your time @tranquil pasture

tranquil pasture Apr 1, 2022, 2:50 PM

#

Ah there we go. Yeah getting the raw body is often the hardest part. Very easy to accidentally use a method that manipulates the json a bit

#krisgardiner - webhook signature verification