Stripe Error: No signatures found matching the expected signature for payload

I have a Stripe webhook that calls a Firebase function. In this function I need to verify that this request comes from Stripe servers. Here is the code:

const functions = require('firebase-functions');
const bodyParser = require('body-parser');
const stripe = require("stripe")("sk_test_****");
const endpointSecret = 'whsec_****';
const app = require('express')();

app.use(bodyParser.json({
    verify: function (req, res, buf) {
        var url = req.originalUrl;
        if (url.startsWith('/webhook')) {
            req.rawBody = buf.toString()
        }
    }
}));

app.post('/webhook/example', (req, res) => {
    let sig = req.headers["stripe-signature"];

    try {
        console.log(req.bodyRaw)
        let event = stripe.webhooks.constructEvent(req.body, sig, endpointSecret);
        console.log(event);
        res.status(200).end()

        // Do something with event
    }
    catch (err) {
        console.log(err);
        res.status(400).end()
    }
});

exports.app = functions.https.onRequest(app);

As mentioned in the Stripe documentation, I have to use the raw body to perform this security check.

I have tried with my current code and with:

app.use(require('body-parser').raw({type: '*/*'})); 

But I always get this error:

Error: No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe? https://github.com/stripe/stripe-node#webhook-signing 
Zat42 asked Dec 22 '18 21:12



1 Answer

Cloud Functions automatically parses body content of known types. If you're getting JSON, then it's already parsed and available to you in req.body. You shouldn't need to add other body parsing middleware.

If you need to process the raw data, you should use req.rawBody, but I don't think you'll need to do that here.

Doug Stevenson answered Oct 03 '22 01:10
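
The signature check behind this error, as an added example that is not part of the original question or answer and does not use the stripe library: it follows Stripe's documented scheme (header `t=<timestamp>,v1=<hex HMAC-SHA256 of "<timestamp>.<raw body>">`) and shows that the same event verifies on its raw bytes but not after a JSON parse and re-serialize. The function names, secret, event and timestamp are constructed for illustration.

```javascript
const crypto = require('crypto');

// HMAC-SHA256 over "<timestamp>.<raw body>", keyed with the endpoint secret.
function computeSignature(secret, timestamp, rawBody) {
  return crypto.createHmac('sha256', secret)
    .update(`${timestamp}.${rawBody}`, 'utf8')
    .digest('hex');
}

// Hypothetical helper: verify a Stripe-Signature header ("t=...,v1=...")
// against the raw body. True only if a v1 value matches and t is fresh.
function verifyStripeSignature(rawBody, header, secret, nowSec, toleranceSec = 300) {
  const parts = String(header || '').split(',').map((p) => p.trim().split('='));
  const timestamp = (parts.find(([k]) => k === 't') || [])[1];
  const candidates = parts.filter(([k]) => k === 'v1').map(([, v]) => v || '');
  if (!/^\d+$/.test(timestamp || '') || candidates.length === 0) return false;
  // Reject events outside the tolerance window to limit replay.
  if (Math.abs(nowSec - Number(timestamp)) > toleranceSec) return false;

  const expected = Buffer.from(computeSignature(secret, timestamp, rawBody), 'hex');
  return candidates.some((sig) => {
    const given = Buffer.from(sig, 'hex');
    // timingSafeEqual throws on length mismatch, so compare lengths first.
    return given.length === expected.length && crypto.timingSafeEqual(given, expected);
  });
}

// Constructed sample: pretty-printed JSON as it might arrive on the wire.
const SECRET = 'whsec_constructed_example';
const RAW = '{\n  "id": "evt_constructed",\n  "type": "charge.succeeded"\n}';
const T = 1545513120;
const HEADER = `t=${T},v1=${computeSignature(SECRET, T, RAW)}`;

// What a handler holds after JSON parsing: re-serializing changes the bytes.
const REENCODED = JSON.stringify(JSON.parse(RAW));

function demo() {
  return {
    rawOk: verifyStripeSignature(RAW, HEADER, SECRET, T + 10),
    reencodedOk: verifyStripeSignature(REENCODED, HEADER, SECRET, T + 10),
    staleOk: verifyStripeSignature(RAW, HEADER, SECRET, T + 3600),
  };
}

console.log(demo());
```

The signature covers the exact bytes Stripe sent, so whitespace or key-order changes introduced by parsing are enough to make the comparison fail.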