api
auth_error
ai_generated
partial
Stripe webhook signature verification failed: timestamp out of tolerance
ID: api/stripe-webhook-signature-verification-failed-timestamp
85% Fix Rate
85% Confidence
1 Evidence
2024-01-10 First Seen
Version Compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| Stripe API 2023-10-16 | active | — | — | — |
| stripe-python v7.0 | active | — | — | — |
| stripe-node v14.0 | active | — | — | — |
Root Cause
The webhook event's timestamp differs from the server's clock by more than the allowed tolerance (usually 5 minutes), causing signature verification to fail.
Official Documentation
https://stripe.com/docs/webhooks/signatures
Workarounds
- 90% success: Sync the server's clock using NTP (e.g., `sudo ntpdate pool.ntp.org` on Linux) and ensure the NTP daemon is running.
- 85% success: Increase the tolerance window in the Stripe SDK by passing a custom `tolerance` parameter (e.g., `stripe.Webhook.construct_event(payload, sig_header, secret, tolerance=300)` in Python).
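To tell clock skew apart from a wrong secret or a tampered body, the check can be reproduced with the standard library and made to report the measured skew. This is an added example, not Stripe SDK code: `sign` and `check_webhook` are hypothetical names, the secret and payload in the test input are constructed, and the 300-second default mirrors the 5-minute tolerance stated above. It follows the `t=<timestamp>,v1=<hex HMAC-SHA256>` header scheme, where the MAC covers `<timestamp>.<raw body>`.

```python
import hashlib
import hmac
import time

DEFAULT_TOLERANCE = 300  # seconds; the 5-minute window described under Root Cause


def _mac(payload: bytes, secret: str, timestamp: int) -> str:
    # The signed message is "<timestamp>.<raw request body>".
    signed = str(timestamp).encode() + b"." + payload
    return hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()


def sign(payload: bytes, secret: str, timestamp: int) -> str:
    """Build a header value for constructed test input (hypothetical helper)."""
    return f"t={timestamp},v1={_mac(payload, secret, timestamp)}"


def check_webhook(payload, header, secret, tolerance=DEFAULT_TOLERANCE, now=None):
    """Return (verdict, skew_seconds).

    Verdicts: ok, malformed_header, bad_signature, timestamp_out_of_tolerance.
    skew_seconds is local time minus the signed timestamp; it is only reported
    once the MAC has verified, so an unauthenticated timestamp is never trusted.
    """
    timestamp, candidates = None, []
    for item in header.split(","):
        key, _, value = item.strip().partition("=")
        if key == "t" and value.isdigit():
            timestamp = int(value)
        elif key == "v1":
            candidates.append(value)
    if timestamp is None or not candidates:
        return "malformed_header", None

    expected = _mac(payload, secret, timestamp).encode()
    # Constant-time comparison against every v1 value in the header.
    if not any(hmac.compare_digest(expected, c.encode()) for c in candidates):
        return "bad_signature", None

    now = time.time() if now is None else now
    skew = now - timestamp
    if skew > tolerance:
        # Valid MAC but stale: a delayed or replayed delivery, or a local clock
        # running ahead. Log the skew and compare it with the NTP offset.
        return "timestamp_out_of_tolerance", skew
    return "ok", skew
```

A skew that stays near the same large value across many deliveries points at the server clock; a large skew on a single event with an otherwise healthy clock points at a delayed or replayed request.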
Dead Ends
Common approaches that don't work:
- 100% fail: Exposes the endpoint to replay attacks and invalid events.
- 80% fail: Clock drift is a symptom; manual adjustment is temporary and may break other services.