Having trouble verifying the request signature in my Stripe webhook endpoint. I keep encountering this error:
No signatures found matching the expected signature for payload. Have you passed the raw request body received from Stripe?
I've experimented with various solutions, tried different methods of parsing the raw request body, and even attempted manual verification of the HMAC sig. Unfortunately, nothing seems to be effective.
My environment:
Next.js 13.3.2 Stripe SDK 12.4.0
Steps to replicate:
- Create an endpoint at: /pages/api/p/test
Code:
import Stripe from 'stripe';
import { NextApiRequest, NextApiResponse } from 'next';
import safe from 'colors/safe';
import { buffer } from 'micro';
const handler = async (
req: NextApiRequest,
res: NextApiResponse
): Promise<void> => {
const stripe = new Stripe(process.env.STRIPE_SECRET as string, {
apiVersion: '2022-11-15',
});
const webhookSecret: string = "whsec_33244....";
if (req.method === 'POST') {
const sig = req.headers['stripe-signature'] as string;
const buf = await buffer(req);
const body = buf.toString();
let event: Stripe.Event;
try {
console.log(safe.bgGreen(body))
event = stripe.webhooks.constructEvent(body, sig, webhookSecret);
} catch (err) {
// Log and return the error message on failure
console.log(`❌ Error message: ${err.message}`);
res.status(400).send(`Webhook Error: ${err.message}`);
return;
}
// Event successfully constructed
console.log('✅ Success:', event.id);
// Typecast event data to Stripe object
if (event.type === 'payment_intent.succeeded') {
const stripeObject: Stripe.PaymentIntent = event.data.object as Stripe.PaymentIntent;
console.log(`💰 PaymentIntent status: ${stripeObject.status}`);
} else if (event.type === 'charge.succeeded') {
const charge = event.data.object as Stripe.Charge;
console.log(`💵 Charge id: ${charge.id}`);
} else {
console.warn(`🤷♀️ Unhandled event type: ${event.type}`);
}
// Respond to acknowledge receipt of the event
res.json({ received: true });
} else {
res.setHeader('Allow', 'POST');
res.status(405).end('Method Not Allowed');
}
};
export const config = {
api: {
bodyParser: false,
},
};
export default handler;
- Start dev server and initiate a stripe listener
stripe listen --forward-to localhost:3000/api/p/test
Copy the generated webhook signing secret and paste it in the code
Simulate an event
stripe trigger payment_intent.succeeded
Tried numerous approaches after thorough internet research but still stuck. Utilizing buffer from microservices package and also tested the buffer function mentioned in Stripe's documentation. It appears to parse the body correctly:
console.log(body)
{
"id": "evt_3NIzhvEcQkKxoTiV1xjEMh02",
"object": "event",
"api_version": "2022-11-15",
...
}
If anyone has any suggestions, I would greatly appreciate it!