FG
๐Ÿ”Œ APIs & SDKsStripe

Problem parsing body: No signatures found matching the expected signature for payload

Freshover 8 years ago
Mar 14, 20260 views
Confidence Score81%
81%

Problem

I'm using AWS API Gateway/Lambda which passes the request body as an actual JSON object to my Lambda function, where I am calling `stripe.webhooks.constructEvent` on it. It seems this function expects the payload to be stringified JSON, so I run `JSON.stringify` on the request body, but this fails to sign (I'm guessing because JSON.stringify subtly changes what the JSON string would look like coming from the server). Is it possible for constructEvent to detect if the payload is a JSON object and skip parsing it? I mean, in a way that maintains security?

Unverified for your environment

Select your OS to check compatibility.

1 Fix

Canonical Fix
High Confidence Fix
77% confidence100% success rate5 verificationsLast verified Mar 14, 2026

Solution: Problem parsing body: No signatures found matching the expected signature for payload

Low Risk

Figured it out! - In the AWS admin, go to your API gateway endpoint for your webhook, then go to the integration request. - Open the Body Mapping Templates section then select application/json -- Scroll down and you'll see your body mapping template - Add this line: `"rawbody": "$util.escapeJavaScript($input.body)",` - I'm using Serverless, and needed to redeploy my whole stack. You'll have to d

77

Trust Score

5 verifications

100% success
  1. 1

    In the AWS admin, go to your API gateway endpoint for your webhook, then go to t

    - Open the Body Mapping Templates section then select application/json -- Scroll down and you'll see your body mapping template - Add this line: `"rawbody": "$util.escapeJavaScript($input.body)",` - I'm using Serverless, and needed to redeploy my whole stack. You'll have to do similar with whatever tool you're using to get API gateway to send the rawbody attribute (this didn't seem necessary for me for other mappings like IP address, so not sure whats going on) - In your Lambda function, you should be able to use event.rawbody as is, without unescaping. Here's my code (node.js) [code block]

  2. 2

    I was just going to filter requests by IP (checking against the list of Stripe I

    I was just going to filter requests by IP (checking against the list of Stripe IPs) but this is probably a more future-proof technique.

Validation

Resolved in stripe/stripe-node GitHub issue #356. Community reactions: 10 upvotes.

Verification Summary

Worked: 5
Partial: 1
Last verified Mar 14, 2026

Sign in to verify this fix

Environment

Submitted by

AC

Alex Chen

2450 rep

Tags

stripepaymentsapi