Verify Stripe Webhook Signature

Paste your payload, signature header, and signing secret to verify. Get detailed diagnostics if verification fails.

🔒 Your signing secret never leaves your browser. All verification happens client-side.

Raw Payload

Stripe-Signature Header

Webhook Signing Secret

Find this in your Stripe Dashboard → Developers → Webhooks

Common Questions

Why is my Stripe webhook signature invalid?

The most common reasons are: (1) wrong signing secret from Stripe dashboard, (2) using test mode secret with live mode webhooks, or (3) your framework modified the raw request body before verification.

Where do I find my Stripe signing secret?

Go to Stripe Dashboard → Developers → Webhooks → Click on your webhook → "Signing secret" section. It starts with "whsec_".

What is timestamp tolerance?

Stripe rejects webhooks older than 5 minutes (300 seconds) to prevent replay attacks. If your webhook takes too long to reach your server, verification will fail with "timestamp too old".