#binod-webhooks

👋 happy to help

what's your Q?

sorry i was having internet issue

i im using webhook to trigger successful payment on subscription

its working fine on development. using CLI

but have this error No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe? https://github.com/stripe/stripe-node#webhook-signing

on live

https://stripe.com/docs/webhooks/signatures

Im following this doc

it works on local

not on live

have you changed the endpoint secret on live?

you mean webhook url?

no the whsec_xxx

yes, updated webhook secret on live and regsitered endpoint yes well

error message StripeSignatureVerificationError: No signatures found matching the expected signature for payload

should I share my webhook_secret?

??

hello?

yes, updated webhook secret on live and regsitered endpoint yes well
did you change the secret in your actual code?

yes

like, when using stripe-cli you probably used the whsec_xxx it prints, and put that into your code. If that code is now deployed to a live server and you created an endpoint on the Stripe dashboard, you need to configure the code to use the secret printed on the Stripe dashboard for that endpoint.

No, Im using whsec_xx from environment file

which is updated on live codebase

and you're 100% sure it's correct and matches the one on the Stripe dashboard?

you've added logging to print the variable the code actually uses it and checked?

yes, just checked it

is there a way to trigger webhook without spending money on live?

ok then please share the following:

• an event ID evt_xxx that is being delivered that you can't verify the signature of
• the exact code(paste it, not a screenshot) of your complete webhook endpoint(make sure to remove any secrets)
• the whsec_xxx your code is using that you logged. Please don't share the whole thing, just the last 5 characters would help

depends what webhook events you're listening to. e.g. if you listen to customer.created you can just create a dummy Customer.

there's really only two causes of this problem

a) you are using the wrong webhook signing secret
b) the payload you pass to our constructEvent function is not the exact raw HTTP request body we sent to the webhook, which can happen if you are using a web framework that might be trying to parse the body for you(you'd need to disable anything like that)

yeah, but if parsing was a issue, it won't work on local as well right?

exactly

so you know why I ask you to triple check it's the right secret :p

if you share the information I asked for above I can try to dig a little deeper

I triggered webhook with customer create

webhook secret is there

ending with VvffXftQU7iS2

wehook id we_1LKkk9HsW9ET26JguGyryPwz

event id evt_1LNx0hHsW9ET26JgKSNCkI7E

thanks, let me look. The code would be useful too

const sig = headers['stripe-signature']; let event; console.log({ WEBHOOK_SECRET }); event = stripe.webhooks.constructEvent(payload, sig, WEBHOOK_SECRET); console.log('EVENT==>', event.type); if (event.type === STRIPE_EVENTS.PAYMENT_INTENT_SUCCEEDED) { const session = event.data.object; const session_data = await this.getSessionDetails(session.id); console.log('session_data', session_data); if (!session_data) throw Error('Session does not exist!'); const { sales_data } = session_data; const added_sales = await this.add({ ...sales_data, tenant_name: sales_data.tenant, payment_mode: PAYMENT_MODES.FIAT, }); console.log('added_sales', added_sales); const saveSales = await this.saveSalesDataToClient(sales_data); console.log('saveSales', saveSales); const transferred = await this.transferNFTOwnership(sales_data); console.log('transferred', transferred); if (transferred) return this.updateTransferredStatus(added_sales._id); }

ending with VvffXftQU7iS2
that doesn't seem correct

https://dashboard.stripe.com/webhooks/we_1LKkk9HsW9ET26JguGyryPwz the secret on that page ends in 8RVXmevWh

you've confused it with your other, Connect endpoint, that you created with the same URL for some reason(that makes no sense, please don't do that, always use separate URLs for the different endpoints). That's the problem.

should I delete Connect endpoint?

you don't have to but it's not really doing anything right now. Deleting it won't fix this problem

to fix this problem you need to udpate your code/env file to use the correct secret (the one from the endpoint I linked, the non-Connect one)

where is the webhook secret located?

okay, so the issue was I was using secret of .com endpoint