I tried to create a webhook request to test locally, the library gave an error. I generated the body of the request by sending a test balance.available webhook here: https://dashboard.stripe.com/test/webhooks/we_1BI2E2IYOmXNPhc1uOyyRvHg I copied the body and put it into a file /tmp/stripe.webhook.json.tmp. The docs describe how to generate a signature: https://stripe.com/docs/webhooks#signatures
$ date +%s
1509229775
$ cat /tmp/stripe.webhook.tmp | openssl dgst -hmac whsec_nRZzpzBajM5zBLxnyFAHNZLkLLEu5Xlj -sha256
(stdin)= de2da72d739f0bdf0e2289eab5ac131f51cdd35af8f9c1f1224333b53abde9f7
$ curl -s -X POST http://localhost:3000/stripe/webhook -H "Stripe-Signature: t=1509229775,v1=de2da72d739f0bdf0e2289eab5ac131f51cdd35af8f9c1f1224333b53abde9f7" -d @/tmp/stripe.webhook.json.tmp | head -2
Invalid signature.
$ head -2 /tmp/stripe.webhook.tmp
1509229775.{
"created": 1326853478,
$ head -2 /tmp/stripe.webhook.json.tmp
{
"created": 1326853478,
def webhook
payload = request.body.read
sig_header = request.env['HTTP_STRIPE_SIGNATURE']
endpoint_secret = ENV['STRIPE_WEBHOOK']
event = nil
begin
event = Stripe::Webhook.construct_event(payload, sig_header,
endpoint_secret)
rescue JSON::ParserError => e
# Invalid payload
render plain: "Invalid JSON.", status: 400
return
rescue Stripe::SignatureVerificationError => e
# Invalid signature
render plain: "Invalid signature.", status: 400
return
end
I think the issue has to do with the curl
call. The -d
/--data
argument is stripping any line breaks from your json
and the resulting digest computed by Stripe::Webhook.construct_event
is different than what you've computed in the terminal.
After generating a digest I curled at my webhook endpoint:
Using the standard -d
, threw an error saying the signature was invalid
curl -s -X POST http://localhost:3000/webhook -H "Stripe-Signature: t=1509309309,v1=a2e2776cd5a57ba60355f7cfa3bcdd1d69e773373a0da" -d @./webhook.json.tmp
Whereas, specifying the --data-binary
returned a valid signature
curl -s -X POST http://localhost:3000/webhook -H "Stripe-Signature: t=1509309309,v1=a2e2776cd5a57ba60355f7cfa3bcdd1d69e773373a0da" --data-binary @./webhook.json.tmp
The best is to use Stripe CLI : https://github.com/stripe/stripe-cli
You can forward the request to localhost address.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With