← Back to Fixes
Stripe Webhook Signature Verification Failed in Next.js: Production Fix Guide
Fix Stripe signature verification failures in Next.js by validating raw body handling, endpoint secrets, and retry-safe processing.
Tweetable Insight#
Webhook reliability is mostly idempotency and raw-body discipline.
One-Sentence Definition#
Signature verification fails when Stripe signs a payload that your server mutates before verification.
Production Risk Warning#
Failed verification can desync subscriptions and silently revoke paid access.
Problem (Search Intent First)#
Webhook signature verification failed appears in logs on live billing events.
Why It Happens#
Wrong endpoint secret, wrong environment key, or body parsing before stripe.webhooks.constructEvent.
Production-Grade Fix#
Use the exact raw request body, match environment secrets, and store event IDs for idempotency.
Copy-Paste Solution#
ts
const sig = req.headers.get("stripe-signature")!;
const body = await req.text();
const event = stripe.webhooks.constructEvent(body, sig, process.env.STRIPE_WEBHOOK_SECRET!);
Edge Cases#
- Preview deployments often point to production secret by mistake.
- Retries can still create duplicates without event ID storage.