I’m trying to set up a webhook for Stripe. The message is sent fine and I can work with the data. However I can’t confirm the signature.
I’m using the method suggested in the Stripe documentation for manually checking the signature, which happens to be the same method I’m successfully using for webhooks from another vendor. This method is:
Payload = {Header t value} + “.” + {request body}
Signature = {Payload} → HMAC256 encrypted (terminology?) with {Secret}
Compare Signature with {Header v1 Value}
However the result always comes out differently when I’m sending messages from TestMode to my test environment. I’m logging all the values to a Log table I’ve created, and it’s always different. I even copied the relevant values to an online HMAC signature tool just to check it was given the same result as I get, but no luck.
Has anyone run into the same problem or are there any obvious pitfalls I’ve fallen into?
An update: Stripe support told me that they send their JSON formatted, and Bubble is removing all whitespace, which is causing this issue. Which is to say, Bubble’s “raw body text” is not raw? Is this the case?
From what I’m now reading elsewhere, this is just Bubble breaking things, they’re probably aware, and there’s no telling even if they are aware that they’re planning to fix it.
FYI I have created a Bubble feature request here, as suggested by Bubble support. If we build support for this request it might expedite it. Or not, but one can only hope.
