Stripe Webhook with Express on Vercel

Question

I integrated stripe-webhook into my express app and deployed to Vercel. I tested with stripe-cli on local and it works fine. But after deploy to vercel, it shows me this error:

No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe? If a webhook request is being forwarded by a third-party tool, ensure that the exact request body, including JSON formatting and new line style, is preserved. Learn more about webhook signing and explore webhook integration examples for various frameworks at https://github.com/stripe/stripe-node#webhook-signing

I used following code for stripe webhook middleware.

//app.js

app.use((req, res, next) => {
  if (req.path === '/api/stripe/webhook') {
    next();
  } else {
    express.json()(req, res, next);
  }
});

//stripe.route.js

const express = require('express');
const stripeController = require('../../../controllers/users/stripe.controller');

const router = express.Router();

router.post('/webhook', express.raw({ type: 'application/json' }), stripeController.stripeWebhook);

module.exports = router;

//stripe.controller.js

const stripeWebhook = async (req, res) => {
  const sig = req.headers['stripe-signature'];

  let event;

  try {
    event = stripe.webhooks.constructEvent(req.body, sig, envVars.stripe.endpointSecret);
  } catch (err) {
    console.log(err.message)
    res.status(400).send(`Webhook Error: ${err.message}`);
    return;
  }
  ...
}

Say again, I tested with stripe-cli on my local and it works correctly. It seems the issue is on Vercel. Thank you in advance.

Answer 1

I solved this issue with stripe. The issue was not on Vercel. Stripe webhook endpoint provides two secret keys.

1. One is provided in the sample code when setting up the new endpoint:

2. The another one - you can find in enpoint detail:

(1) works in local development and (2) works when deployed to Vercel.