Stripe Webhooks Error 503 Invalid encoding: ISO-8859-1

Question

I setup a stripe webhook with signature verification just as recommended by stripe:

<?php

logme("Secure connection: ".isSecure());
logme("I was called at:".time());

require 'vendor/autoload.php';

\Stripe\Stripe::setApiKey('sk_test_ff...');
$endpoint_secret = 'whsec_Ky...';

$payload = @file_get_contents('php://input');

if($payload) {
//request body is set
} else {
//request body is not set
    exit();
}

$sig_header = $_SERVER['HTTP_STRIPE_SIGNATURE'];

$event = null;


try {
    $event = \Stripe\Webhook::constructEvent(
        $payload, $sig_header, $endpoint_secret
    );

} catch(\UnexpectedValueException $e) {
    // Invalid payload
    http_response_code(400);
    exit();
} catch(\Stripe\Exception\SignatureVerificationException $e) {
    // Invalid signature
    http_response_code(400);
    exit();
}

http_response_code(200);

// Handle the event
switch ($event->type) {
    case 'event1':
    // do something 
    break;
    
    // ... handle other event types
    default:
        echo 'Received unknown event type ' . $event->type;
        logme('Received unknown event type ' . $event->type);
}


function logme($msg){

    $log_file = "error.txt";
// logging error message to given log file
    error_log($msg."\n-\n", 3, $log_file);
}
function isSecure() {
    return
        (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
        || $_SERVER['SERVER_PORT'] == 443;
}

At stripe dashboard I created a webhook with https://example.org/path/to/webhook.php but if I fire invoice.paid webhook in test mode I receive the following error:

Test-Webhook-Error: 503 
Invalid encoding: ISO-8859-1 

Is anyone familiar with this kind of error?

---

Update
It seems to depend on the type of event that is triggered. E.g. plan.deleted works and payment_intent.succeeded does not

Answer 1

To anyone still facing this issue, I recently came up against it and finally realised that it was due to me missing the trailing slash off the webhook endpoint....there's a couple of hours well spent!

Answer 2

This error does not appear to be coming from the signature verification, but rather somewhere else in your request/network stack. Note that the error you throw in the try {} is withStatus(403) (not 503). Can you provide more detailed logging from your server to identify where this fails?

See this related question and the solution being connected to a HTTP -> HTTPS redirect. Ensure your configured endpoint is going directly to HTTPS and that your SSL certificates are responding correctly.

I also see you are calling $event = $request->getParsedBody(); at the start of your handler even before signature checking, which can something cause problems with the body data being manipulated (the signature verification requires the raw body of the request).