Webhook Error: No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe?

[Aymenm23]

Hello,

I am a rookie coder, teaching myself as I go so this may be a very basic issue. I was able link all of the components and I manually had the tables created on the sql editor on supabase. I had a profiles table made as well. I just keep getting the issue below when adding products. Even when i go on the developer tab I keep getting all failed requests on webhooks.

Webhook Error: No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe?

I am assuming this has something to do with the environmental variables. I know the webhook secret live key is the signing secret I am unsure what "STRIPE_WEBHOOK_SECRET" is.

My suggestion is just a theory if anyone ran into the error I raised and have a solution of their own that would be much appreciated.

[rannikkopyry]

I facing the same issue with the live keys, works with the test API keys.

[louis030195]

same here

No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe? Learn more about webhook signing and explore webhook integration examples for various frameworks at https://github.com/stripe/stripe-node#webhook-signing

also tried with

const rawBody = await getRawBody(req);

update: took wrong webhook secret 🙈 (confused with ID top right screen). Solved

[northrn]

I am having this issue, among others with the live version. @thorwebdev any suggestions here?

[Myrinw]

Any fixes found so far? I am dealing with the same problem.

[AndreaSoto]

Follow these instructions, again, and make sure the keys are correct: https://github.com/vercel/nextjs-subscription-payments#configure-webhook

[Myrinw]

That did the trick, I believe the api-keys were wrong

[roveneliah]

Make sure you're running stripe listen --forward-to=localhost:3000/api/webhooks and that the STRIPE_WEBHOOK_SECRET matches the value shown in console.

[lsbyerley]

I am getting the same error for the test version. I've double checked the STRIPE_WEBHOOK_SECRET key in the webhooks dashboard and my .env.local file. I've logged the buf variable in /api/webhooks as you can see in the terminal. Any idea what else could be wrong?

[JOsacky]

I had this same issue, I fixed it by ensuring that I didn't have a typo in https://your-deployment-url.vercel.app/api/webhooks after following step 2 in https://github.com/vercel/nextjs-subscription-payments#configure-webhook

1. Ensure that you replace your-deployment-url with your deployment url and there are no typos
2. Ensure that the path to your webhooks.ts file matches the path after .app api/webhooks

[ncfausti]

I was having an issue with this as well when I went to production. A couple of things that helped (which are not entirely clear from the README):

1. You'll be using https://<your-app-name>.vercel.app/api/webhooks as the endpoint, even if you moved to a custom domain. It seems like Stripe webhooks don't like redirects, so if it sees one, it rejects it immediately.

2. Make sure you're on the correct API version when you create the webhook in the Stripe dashboard.

3. Make sure you are using the Signing secret from the Stripe webhooks dashboard. You have to click to reveal it in the webhooks dashboard on Stripe. You should NOT be using the one from your local machine when you run stripe listen --forward-to=localhost:3000/api/webhooks for production. THE Signing secret IS SPECIFIC TO EACH AND EVERY WEBHOOK ENDPOINT YOU CREATE IN THE STRIPE DASHBOARD.

4. Set the environment variables correctly in Vercel for your deployment. Double and triple check you are using the correct STRIPE_WEBHOOK_SECRET_LIVE , STRIPE_SECRET_KEY, NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY .

5. REDEPLOY.

6. Go to https://vercel.com/<your-account-name>/<your-app-name>/logs?timeline=live and switch to Live timeline view. When you change a product in stripe, you should see the product populate in your supabase table AND a few 200 OK message from [POST] /api/webhooks show up in the live log. This will confirm that your webhooks are working correctly in production.

EDIT: 7. Open browser dev tools and on the network tab select Disable Cache while debugging issues related to pricing.

[haramishra]

Ensure that the STRIPE_WEBHOOK_SECRET has no spaces or new lines on Vercel. If you are developing locally then first run npm run stripe:listen or stripe listen --forward-to=localhost:3000/api/webhooks --project-name=<project name> before using webhooks.

[flattracker]

Thanks @ncfausti , this is the line that got fixed my issue

You'll be using https://.vercel.app/api/webhooks as the endpoint, even if you moved to a custom domain. It seems like Stripe webhooks don't like redirects, so if it sees one, it rejects it immediately.

[jacksonkasi1]

Follow these instructions, again, and make sure the keys are correct: https://github.com/vercel/nextjs-subscription-payments#configure-webhook

@AndreaSoto Thanks, it's work

[salo18]

I was having an issue with this as well when I went to production. A couple of things that helped (which are not entirely clear from the README):

1. You'll be using https://<your-app-name>.vercel.app/api/webhooks as the endpoint, even if you moved to a custom domain. It seems like Stripe webhooks don't like redirects, so if it sees one, it rejects it immediately.
2. Make sure you're on the correct API version when you create the webhook in the Stripe dashboard.
3. Make sure you are using the Signing secret from the Stripe webhooks dashboard. You have to click to reveal it in the webhooks dashboard on Stripe. You should NOT be using the one from your local machine when you run stripe listen --forward-to=localhost:3000/api/webhooks for production. THE Signing secret IS SPECIFIC TO EACH AND EVERY WEBHOOK ENDPOINT YOU CREATE IN THE STRIPE DASHBOARD.
4. Set the environment variables correctly in Vercel for your deployment. Double and triple check you are using the correct STRIPE_WEBHOOK_SECRET_LIVE , STRIPE_SECRET_KEY, NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY .
5. REDEPLOY.
6. Go to https://vercel.com/<your-account-name>/<your-app-name>/logs?timeline=live and switch to Live timeline view. When you change a product in stripe, you should see the product populate in your supabase table AND a few 200 OK message from [POST] /api/webhooks show up in the live log. This will confirm that your webhooks are working correctly in production.

EDIT: 7. Open browser dev tools and on the network tab select Disable Cache while debugging issues related to pricing.

This was really helpful, thanks! Finally was able to capture payments in live mode with this checklist.

[zubaer46]

I encountered an issue in my Nest.js application while integrating Stripe using the golevelup/nestjs-stripe package. Initially, I was using the latest versions of both packages, but the problem persisted. However, I found a solution by specifying the following versions: "stripe": "^14.19.0", "@golevelup/nestjs-stripe": "^0.6.5" Implementing these specific versions resolved the issue for me.

[kartick17]

I deployed my application onto a server and set my hosted endpoints to the server URL. I go to https://dashboard.stripe.com/test/webhooks/ and then select my hosted URL and then reveal the Signing secret and set this into the .env file STRIPE_WEBHOOK_SIGNING_SECRET variable. This fixed my error.

event = await stripe.webhooks.constructEventAsync( body, signature, STRIPE_WEBHOOK_SIGNING_SECRET, undefined )

[christhornham]

Thank you @ncfausti !

[ankitdetroja]

same here

No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe? Learn more about webhook signing and explore webhook integration examples for various frameworks at https://github.com/stripe/stripe-node#webhook-signing

also tried with

const rawBody = await getRawBody(req);

update: took wrong webhook secret 🙈 (confused with ID top right screen). Solved

[kabasawakyohei]

I faced a similar issue, and it was quite troublesome. The root cause of the problem was using the wrong endpoint_secret. Instead of retrieving the endpoint_secret from the Stripe dashboard, I recommend using the CLI to get the correct value.

You can obtain the correct endpoint_secret with the following command: stripe listen

Using the endpointsecret that starts with the whsec prefix resolved this issue for me. I hope this tip helps others facing the same problem.