Webhook Troubleshooting Guide

Comprehensive guide for diagnosing and resolving webhook verification failures

Quick Diagnostic Checklist

Run through these checks first

STRIPE_WEBHOOK_SECRET environment variable is setWebhook secret starts with "whsec_"Webhook URL is accessible from the internetServer clock is synchronized (NTP enabled)Using raw request body (not parsed JSON)Stripe-Signature header is being forwarded

No Signature Detected in Header

The stripe-signature header is missing or empty

Symptoms

Error: "No signature found in stripe-signature header"
Webhook events fail with 400 status code
Signature verification throws "No signatures found" error

Common Causes

1. Reverse Proxy Stripping Headers

Some reverse proxies (nginx, cloudflare) may strip the stripe-signature header. Ensure your proxy configuration forwards all headers.

# Nginx: Add to your server block proxy_pass_request_headers on; proxy_set_header Stripe-Signature $http_stripe_signature;

2. Request Not Coming from Stripe

Direct browser requests or non-Stripe sources won't have the signature header. Verify the request is actually from Stripe's servers.

3. Middleware Consuming the Request

Body-parsing middleware may consume the raw body before it reaches your webhook handler.

// Next.js: Disable body parsing for webhook route export const config = { api: { bodyParser: false, }, };

Verification Steps

Check if the header exists in incoming requests by logging all headers
Verify your hosting platform forwards custom headers
Test with Stripe CLI which always includes the signature

// Debug: Log all incoming headers console.log('Headers:', Object.fromEntries(request.headers.entries()));

Webhook Secret Mismatch

Signature verification fails due to incorrect secret

Timestamp & Clock Synchronization Issues

Server time drift causing signature validation failures

Endpoint URL Misconfiguration

Webhook URL is incorrect or inaccessible

Local Testing with Stripe CLI

Validate webhook reception and signature verification locally

Network & Firewall Issues

Connectivity problems blocking webhook delivery

Security Best Practices

Ensure secure webhook communication

Emergency Recovery

Steps to recover from webhook failures

1. Check Stripe Dashboard for Failed Events

Go to Developers → Webhooks → Select your endpoint → View recent deliveries

Open Webhook Dashboard

2. Resend Failed Events

Click on any failed event and use "Resend" to retry delivery

3. Fetch Events via API

If webhooks are unreliable, you can poll for events directly

stripe events list --limit 100

4. Manual Event Retrieval

Retrieve specific events by ID for manual processing

stripe events retrieve evt_xxxxxxxxxxxxx