3

so I've recently dealt with some stripe code and I've decided that it's time for webhooks. I looked at the webhooks page on the stripe webpage, copied the source code and it doesn't work.

client.post('/webhook', express.raw({ type: 'application/json' }), (request, response) => {
        const sig = request.headers['stripe-signature'];
        let event;
        try {
            event = exports.stripe.webhooks.constructEvent(request.body, sig, code);
        }
        catch (err) {
            response.status(400).send(`Webhook Error: ${err.message}`);
            return;
        }
        // Handle the event
        switch (event.type) {
            case 'payment_intent.succeeded':
                const paymentIntent = event.data.object;
                console.log(paymentIntent);
                break;
            // ... handle other event types
            default:
                console.log(`Unhandled event type ${event.type}`);
        }
        // Return a 200 response to acknowledge receipt of the event
        response.send();
    });

I've checked multiple times if my code is the same but it is. Can someone tell me what's wrong? I'm listening on port 3001 as well if that's the case.

kalempster
  • 397
  • 3
  • 13
  • There are many other questions here with your exact error msg, have you seen those? In most cases it is caused bcs the app is parsing/processing the raw request (and so modifying it), so the signature does not match. https://stackoverflow.com/questions/56816184/stripe-webhook-error-no-signatures-found-matching-the-expected-signature-for-pa, https://stackoverflow.com/questions/59636081/how-to-fix-stripe-payments-error-no-signatures-found-matching-the-expected-sign, https://stackoverflow.com/questions/53899365/stripe-error-no-signatures-found-matching-the-expected-signature-for-payload, ... – Don't Panic Mar 12 '22 at 22:36
  • @Don'tPanic thanks for the linked questions. I don't know why I didn't see them when googling. I also should've added the whole index.js code not only the webhook. The problem was that I was using express.json before registering the route (because my api routes used express.json) – kalempster Mar 13 '22 at 08:20
  • Does this answer your question? [Stripe Error: No signatures found matching the expected signature for payload](https://stackoverflow.com/questions/53899365/stripe-error-no-signatures-found-matching-the-expected-signature-for-payload) – gre_gor May 19 '23 at 16:18

2 Answers2

9

So now I know what modifies the raw data of the request. It's the express.json() middleware that my api route was using. After moving them below the webhook it works like a charm!

client.post('/webhook', express.raw({ type: 'application/json' }), (request, response) => {
        const sig = request.headers['stripe-signature'];

        let event: Stripe.Event;

        try {
            event = stripe.webhooks.constructEvent(request.body, sig, code);
        } catch (err) {
            response.status(400).send(`Webhook Error: ${err.message}`);
            return;
        }

        // Handle the event
        switch (event.type) {
            case 'payment_intent.succeeded':
                const paymentIntent = event.data.object;
                console.log(paymentIntent);

                break;
            // ... handle other event types
            default:
                console.log(`Unhandled event type ${event.type}`);
        }

        // Return a 200 response to acknowledge receipt of the event
        response.send();
    });
    client.use(express.json());

    client.use("/api/", router);
kalempster
  • 397
  • 3
  • 13
  • Good catch. They updated this sample code from previously using express.json({verify: (_,_,buf)=>{}} middleware. Its cleaner but this middleware ordering point is a subtle one. – Goose Jul 11 '22 at 03:03
  • Supremely helpful post. Will similarly add if you have the line `app.use(bodyParser.json());` it also needs to be below the webhook. Lifesaver. – Ahmed Haque Jul 29 '22 at 23:19
0

I was just using webhook id instead of the secret. secret will always start with "whsec_****************************"

Credit: Stripe Error: No signatures found matching the expected signature for payload

Debojyoti
  • 4,503
  • 3
  • 19
  • 27