Webhook validate signing error: No signature found matching the expected signature for payload. | express
Problem
Another 'Webhook validate signing' issue! Whoooohooo 🥳

Hi there! I am trying to build a Backend Server for a Web project with Google Cloud App Engine.

What do I want to achieve: I want to verify all my received WebHooks from Stripe.

What is my Problem: Currently I always get the same error message.

[code block]

I tried lots of ways of getting the raw body from the request and passing it to the `stripe.webhooks.constructEvent` method. But all failed...

My Code to reproduce

[code block]

As you can see it is nearly identical to the code from the Stripe Docs. I am not sure if App Engine, from Google Cloud, is parsing the request body before I can even touch it. My only reference point is that if I `console.log` out the complete request, the `body` part is always already parsed as a JSON, at least it seems like it. This is what I get when I do [code block]:

[code block]

What I have tried so far

I tried many things.

- [code block] Result: [code block]
- [code block] Result: [code block]
- [code block] (same as in 'My Code to reproduce') Result: [code block]
- I have also tried the 'simple middleware' idea from jlomas-stripe. But still: Result: [code block]
- [code block] Result: [code block]
- [code block] Result: [code block]
- [code block] Result: [code block]

...

At the end, as you can see, I got very frustrated ☹️ ... Is this a Bug or is there a solution to fix it? I have only tested it with the Stripe CLI.

| Name | Version | | -
Error Output
Error message: No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe? https://github.com/stripe/stripe-node#webhook-signing
1 Fix
Fix Webhook Signature Validation Error in Express with Stripe
The error occurs because the request body is being parsed as JSON before it reaches the Stripe webhook handler. Stripe requires the raw body of the request to validate the signature. If the body is parsed, the signature validation will fail as the expected payload will not match.
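Why a parsed body fails verification, as an added example (not code from the original page or from stripe-node): it re-implements Stripe's documented `t=...,v1=...` scheme, HMAC-SHA256 over `timestamp.payload`, using only Node's `crypto`. The secret, timestamp, event body, the 300-second tolerance default and all function names are constructed for illustration.

```javascript
const crypto = require('crypto');

// Parse "t=<unix ts>,v1=<hex hmac>[,v1=...]" into its parts.
function parseSignatureHeader(header) {
  const parts = { t: null, v1: [] };
  for (const item of String(header).split(',')) {
    const [key, value] = item.trim().split('=');
    if (key === 't') parts.t = value;
    else if (key === 'v1') parts.v1.push(value);
  }
  return parts;
}

// HMAC-SHA256 over "<timestamp>.<payload bytes>", keyed with the endpoint secret.
function computeSignature(payload, timestamp, secret) {
  return crypto.createHmac('sha256', secret)
    .update(`${timestamp}.`).update(payload).digest('hex');
}

// Accept only a fresh timestamp and a constant-time match on some v1 value.
function verify(payload, header, secret, nowSec, toleranceSec = 300) {
  const { t, v1 } = parseSignatureHeader(header);
  if (!t || v1.length === 0) return false;
  if (Math.abs(nowSec - Number(t)) > toleranceSec) return false; // replay window
  const expected = Buffer.from(computeSignature(payload, t, secret), 'hex');
  return v1.some((sig) => {
    const given = Buffer.from(sig, 'hex');
    return given.length === expected.length && crypto.timingSafeEqual(given, expected);
  });
}

// Constructed sample data (not real Stripe values).
const SECRET = 'whsec_constructed_example_secret';
const NOW = 1700000000;
const RAW_BODY = Buffer.from('{\n  "id": "evt_constructed",\n  "type": "charge.succeeded"\n}');
const HEADER = `t=${NOW},v1=${computeSignature(RAW_BODY, NOW, SECRET)}`;

function demo() {
  // After a JSON parser has run, the handler holds an object; serializing it
  // again drops the original whitespace, so the signed bytes no longer match.
  const reserialized = JSON.stringify(JSON.parse(RAW_BODY.toString('utf8')));
  return {
    rawBody: verify(RAW_BODY, HEADER, SECRET, NOW),
    reserialized: verify(reserialized, HEADER, SECRET, NOW),
    stale: verify(RAW_BODY, HEADER, SECRET, NOW + 3600),
  };
}

console.log(demo()); // { rawBody: true, reserialized: false, stale: false }
```

In production, keep using `stripe.webhooks.constructEvent`; the manual check is only there to make the byte-for-byte dependency visible.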
- 1
Use Raw Body Middleware
Implement middleware to capture the raw body of the request before it is parsed. This can be done with the `raw()` parser from the 'body-parser' library.

```javascript
const bodyParser = require('body-parser');

// Keep application/json bodies as an unparsed Buffer in req.body.
app.use(bodyParser.raw({ type: 'application/json' }));
```

- 2
Configure Webhook Endpoint
Set up the webhook endpoint to use the raw body for signature verification. Pass the raw body and the Stripe signature to the `constructEvent` method.
```javascript
app.post('/webhook', (req, res) => {
  const sig = req.headers['stripe-signature'];
  const rawBody = req.body; // Buffer from bodyParser.raw(), not a parsed object
  let event;
  try {
    event = stripe.webhooks.constructEvent(rawBody, sig, endpointSecret);
  } catch (err) {
    console.log('Error:', err.message);
    return res.status(400).send(`Webhook Error: ${err.message}`);
  }
  // Handle the event
  res.json({ received: true });
});
```

- 3
Verify Content-Type Header
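Ensure that the Content-Type of the incoming request is 'application/json'. The raw body middleware only captures bodies whose Content-Type matches the `type` it was configured with, so a request with any other type reaches the handler without a raw body.

```javascript
app.use((req, res, next) => {
  // req.is() also matches a header that carries parameters,
  // e.g. 'application/json; charset=utf-8', which a strict === check rejects.
  if (!req.is('application/json')) {
    return res.status(400).send('Invalid Content-Type');
  }
  next();
});
```

- 4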
Test with Stripe CLI
Use the Stripe CLI to send test webhook events to your endpoint. Ensure that the signature is valid and that your server processes the event correctly.
```bash
stripe listen --forward-to localhost:3000/webhook
```
Validation
To confirm the fix worked, check the logs for successful webhook event processing without signature errors. You should see the event being logged or handled correctly in your application. Additionally, test with the Stripe CLI to ensure the signature validation passes.
Submitted by
Alex Chen
2450 rep