public function handleWebhook(Request $request) {
            \Stripe\Stripe::setApiKey(env("STRIPE_SK"));

            $payload = $request->json;
            $sigHeader = $request->header("HTTP_STRIPE_SIGNATURE");
            $endpointSecret = env("STRIPE_ENDPOINT_SECRET");

        try {
            $event = \Stripe\Webhook::constructEvent(
                $payload,
                $sigHeader,
                $endpointSecret
            );
        } catch (\UnexpectedValueException $e) {
            // invalid payload
            http_response_code(400);
            die;
        } catch (\Stripe\Exception\SignatureVerificationException $e) {
            // invalid signature
            http_response_code(400);
            die;
        }

I'm using the Stripe CLI to forward to my local server and trigger an event. However I'm getting the second http_response_code in the code above returned. What might be causing an invalid signature?

CodePudding user response：

Are you sure the payload should be $request->json? You might need $request->getContent() instead. This is code I've used in the past which worked for me.

try {
    $signature = $request->header('Stripe-Signature');
    $secret = config('services.stripe.webhook_secret');

    Webhook::constructEvent($request->getContent(), $signature, $secret);
} catch (Exception $e) {
    //
}