Troubleshooting

Common issues and solutions

Common Issues

1. Signature Verification Fails

Problem: The computed signature doesn't match the received signature.

Solutions:

✅ Ensure you're using the raw request body (not parsed JSON)
✅ Verify you're using the correct Secret Key from your merchant settings
✅ Check that you're computing HMAC-SHA256 (not SHA256)
✅ Ensure the output is a lowercase hex string
✅ Remove any whitespace/line breaks from the secret key

// ❌ Wrong - Using parsed JSON
const signature = crypto
  .createHmac('sha256', secretKey)
  .update(JSON.stringify(req.body))  // ❌ Don't stringify
  .digest('hex');

// ✅ Correct - Using raw body
const signature = crypto
  .createHmac('sha256', secretKey)
  .update(req.rawBody)  // ✅ Use raw body
  .digest('hex');

2. Webhooks Not Being Received

Checklist:

✅ Is your endpoint publicly accessible?
✅ Is it using HTTPS?
✅ Is there a firewall blocking Paymento's servers?
✅ Is the webhook URL correctly configured in the payment link?
✅ Are you returning a 200 status code quickly?

3. Receiving Duplicate Webhooks Solution: This is expected behavior. Implement idempotency using event.id (see Best Practices #4).

4. Timeout Errors

Problem: Your endpoint takes too long to respond. Solution: Move heavy processing to background jobs and respond immediately.

PreviousBest Practices NextScheduled & Recurring Payments

Last updated 4 days ago