5 days ago
Hello,
I am experiencing an issue with Stripe webhook signature verification in production.
Stripe payments are successfully processed, but our Telegram Mini App does not automatically grant access after real payments.
Error in logs:
Async webhook processing failed: No signatures found matching the expected signature for payload.
Request headers show that traffic is passing through Fastly:
“cdn-loop”: “Fastly”
“x-forwarded-server”: “cache-cmh1290067-CMH”
Endpoint:
POST /stripe/webhook
Service: artdownload2-production
Domain: artdownload2-production.up.railway.app
It appears that the POST request body may be modified before reaching our application, which breaks Stripe’s cryptographic signature verification.
Could you please clarify:
1. Is it possible that Railway or Fastly modifies the POST request body (for example via compression or normalization)?
2. Is it possible to configure a pass-through mode for the /stripe/webhook endpoint so that the request body reaches the app unchanged?
3. Are there any specific recommendations for properly handling Stripe webhooks on Railway?
Additionally, we previously received a “Deploy Crashed” notification for this service. Could this be related to webhook failures?
Thank you for your assistance.
1 Replies
Status changed to Awaiting Railway Response Railway • 5 days ago
5 days ago
This is not a railway issue, you need to process the webhook before letting your framework parse the body of the request, or you can append the raw body to the request object, this is what I"m doing with nodejs & express:
const rawBody = (req: Request, _: Response, buf: Buffer): void => {
if (req.url === config.stripe.webHookPath) {
req.rawBody = buf.toString();
}
};
// middleware
app.use(bodyParser.json({ verify: rawBody }));
// stripe handler
stripe.webhooks.constructEvent(rwq.rawBody, signature, WEBHOOK_SECRET);I don't know if you are on node or something else, but I think the logic to follow should be the same. I had the same error you got and I fixed it with this solution