#CryptoFidget-webhook-error

Hello 👋
Give me a moment to catch up and I'll respond as soon as possible 🙂 thanks

no problem take your time 🙂

evt_3LD5BaF5H7jp1uQl1knxUb4j

do you have a middleware on your server that receives/parses the request before hitting the webhook event endpoint?

constructEvent function expects untouched raw payload

yes BUT

I made an exception look here:

app.use(
bodyParser.urlencoded({
extended: true
})
);

app.use((req, res, next) => {
if (req.originalUrl === "/webhook") { ///// no json encoding here
console.log("Webhook endpoint called, next without json()");
next();
} else {
express.json({ limit: "50mb" })(req, res, next);
}
});

just saying: with the stripe CLI on localhost it worked with this hack

yeah but server environments differ when using it locally vs remote 🙂

there are some workarounds in the issues here that you can try

https://github.com/stripe/stripe-node/issues/396
https://github.com/stripe/stripe-node/issues/1254

ah I see I see

endpointSecret !!!! on localhost (generated from CLI) is not the same as the one you want to use on the server!

yup, that's correct

hmm ok that was not the problem 😦

it didn't solve it

app[web.1]: Webhook was called and body is: <Buffer 7b 0a 20 20 22 69 64 22 3a 20 22 65 76 74 5f 33 4c 44 37 5a 72 46 35 48 37 6a 70 31 75 51 6c 30 4e 6f 50 33 32 46 41 22 2c 0a 20 20 22 6f 62 6a 65 63 ... 5713 more bytes>

app[web.1]: Webhook Error: No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe? https://github.com/stripe/stripe-node#webhook-signing

damn

I see. In my experience, its almost always some middleware messing up the payload before it hits the endpoint. There are some other recommendations in the issues that I'd suggest trying out.

I am still trying.

is it correct that the endpoint secret for the webhook starts with "we_.... " ?

yup

I really tried everything

and the body looks VERY RAW

it coudn't be more raw than this.. Gordon Ramsay would say if it were more raw, it would be alive.

Webhook was called and body is: <Buffer 7b 0a 20 20 22 69 64 22 3a 20 22 65 76 74 5f 33 4c 44 37 78 79 46 35 48 37 6a 70 31 75 51 6c 31 78 53 35 74 61 62 32 22 2c 0a 20 20 22 6f 62 6a 65 63 ...

Webhook Error: No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe? https://github.com/stripe/stripe-node#webhook-signing
still get this.

damn.

I'd check the version of the node packages that you're using with the proposed recommendations
as I believe with the latest version of express, the following should work
express.raw({type: 'application/json'})

@brisk quail I have re-opened your thread.

express.raw() doesn't even exist.

And just to double check, have you confirmed that your webhook secret variable is being set as you expect?

Trying to think of how else you can see the raw body in express

yes it is correct - since on localhost it works with the localhost secret, but when I push to the server and change the secret to that on the dashboard it doesn't work

and as I said this express.raw() doesn't even exist on that library.. I can't find it in the documentations either

what do you mean by this? As you see in my answer I get the <Buffer.... > isn't this raw?

Interesting. If it works on your localhost with that secret, it should definitely work on the server with that endpoint's secret. Can you double check that the code is pulling the value from your config properly on your server?

" Can you double check that the code is pulling the value from your config properly on your server?"

you mean if the deployment is really working? yes it is 100% working - those logs of the Buffer is from the deployed app

I meant more checking that specifically the variable you are passing in for the webhook secret is actually whsec_1234... rather than being an empty string or the old value or something?

no it is not whsec...

because the webhook secret on the dashboard starts with: we_1F...

That is the ID of the webhook itself, the webhook secret should start with whsec_

Can you go to your dashboard page again and click on the "Reveal secret" link to get your secret again? https://dashboard.stripe.com/test/webhooks/we_1234

and why is it important to copy? and why is there "expire secret.."

I think it is not the ID or is it?!

oh man you must be kidding me..... I asked two days ago if the dashboard secret starts with we_ and one of your colleages said yes...

haha

👋 Hoping in since @paper pollen had to head out - is everything okay now? Or is there still an unresolved question I can help with?

I am testing yet, wait

👍 just let me know!

It didn't work. Now I got somehow another strange error

I am making 1-2h break.. worked like 14h stright on this bug..

I'm coming back later

cu

thx