Stripe: "No signatures found matching the expected signature for payload" using Django Rest Framework and request.body

I'm integrating Stripe webhooks into my API, which is built with Django Rest Framework (DRF). Here’s my webhook view:

class StripeWebhookView(APIView):
    permission_classes = [AllowAny]  # Public webhook

    def post(self, request, *args, **kwargs):
        payload = request.body
        sig_header = request.headers.get('stripe-signature')

        try:
            event = stripe.Webhook.construct_event(
                payload=payload,
                sig_header=sig_header,
                secret=settings.STRIPE_SIGNING_SECRET
            )
        except ValueError as e:
            print(f"Invalid payload: {e}")
            return Response(status=status.HTTP_400_BAD_REQUEST)
        except stripe.error.SignatureVerificationError as e:
            print(f"Signature verification failed: {e}")
            return Response(status=status.HTTP_400_BAD_REQUEST)

        # ... webhook logic ...
        return Response(status=200)

I get:

[...] "POST /webhooks/stripe-webhook/ HTTP/1.1" 200 0
[...] "POST /webhooks/stripe-webhook/ HTTP/1.1" 200 0
[...] "POST /webhooks/stripe-webhook/ HTTP/1.1" 200 0
[...] "POST /webhooks/stripe-webhook/ HTTP/1.1" 200 0
[...] "POST /webhooks/stripe-webhook/ HTTP/1.1" 200 0
[...] "POST /webhooks/stripe-webhook/ HTTP/1.1" 200 0
Invalid signature: No signatures found matching the expected signature for payload
Bad Request: /webhooks/stripe-webhook/
[...] "POST /webhooks/stripe-webhook/ HTTP/1.1" 400 0

I’ve already double-checked that my STRIPE_SIGNING_SECRET is correct, and my endpoint is set up correctly in the Stripe dashboard. I am using request.body directly (not request.data), as suggested in other answers, but the error persists.

Has anyone successfully used Stripe webhooks with Django Rest Framework and managed to pass signature verification?

I have carefully read and tried all the solutions mentioned in this post I am using request.body (not request.data) to get the raw payload

My webhook URL is public and accessible via ngrok, HTTPS, no firewalls
The Stripe signing secret is copied directly from the dashboard/CLI
I tested with Stripe CLI and Dashboard, both in test and live mode

Вернуться на верх

Последние вопросы и ответы

Stripe: "No signatures found matching the expected signature for payload" using Django Rest Framework and request.body

Using list which depends on another list in excel using python

JsonField in Django Admin as Inline

Trying to do Selenium testing in Django in Docker getting ERR_CONNECTION_REFUSED

Как пересоздать миграции с нуля в БД в Django?

'RegisterSerializer' object has no attribute '_has_phone_field'

Организация тестирования проектов Django

Django REST API endpoints URL paths

Deploy a dockerized monorepo to Railway

DatabaseError: DatabaseWrapper objects created in a thread can only be used in that same thread

Stripe: "No signatures found matching the expected signature for payload" using Django Rest Framework and request.body

Последние вопросы и ответы

Рекомендуемые записи по теме