api
auth_error
ai_generated
partial
Stripe webhook signature verification failed: timestamp out of tolerance
ID: api/stripe-webhook-signature-verification-failed-timestamp
85% fix rate
85% confidence
1 evidence item
First seen: 2024-01-10
Version compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| Stripe API 2023-10-16 | active | — | — | — |
| stripe-python v7.0 | active | — | — | — |
| stripe-node v14.0 | active | — | — | — |
Root cause analysis
The webhook event's timestamp differs from the server's clock by more than the allowed tolerance (usually 5 minutes), causing signature verification to fail.
Official documentation
https://stripe.com/docs/webhooks/signatures
Solutions
- Sync the server's clock using NTP (e.g., `sudo ntpdate pool.ntp.org` on Linux) and ensure an NTP daemon is running.
- Increase the tolerance window in the Stripe SDK by passing a custom `tolerance` parameter in seconds (e.g., `stripe.Webhook.construct_event(payload, sig_header, secret, tolerance=300)` in Python).
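The timestamp check behind this error, as an added example that is not Stripe SDK code: a standalone verifier following the `t=...,v1=...` header scheme from the linked signature documentation, run over a constructed event with an in-sync clock, a clock six minutes fast, and a tampered body. `sign`, `check_event`, the secret and the payload are hypothetical names and values, and rejecting skew in both directions is an assumption of this example.

```python
import hashlib
import hmac
import time

# Constructed sample data (not real Stripe values).
SECRET = "whsec_example_placeholder"
BODY = b'{"id":"evt_example","type":"payment_intent.succeeded"}'
SENT_AT = 1_700_000_000  # Unix time placed in the header by the sender


def sign(payload, secret, timestamp):
    """Build a header of the form t=<unix ts>,v1=<hex HMAC-SHA256>."""
    signed = f"{timestamp}.".encode() + payload
    digest = hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()
    return f"t={timestamp},v1={digest}"


def check_event(payload, header, secret, tolerance=300, now=None):
    """Return (status, skew_seconds) so logs show which check failed."""
    now = time.time() if now is None else now
    pairs = [p.split("=", 1) for p in header.split(",") if "=" in p]
    stamps = [v for k, v in pairs if k.strip() == "t"]
    sigs = [v for k, v in pairs if k.strip() == "v1"]
    if len(stamps) != 1 or not stamps[0].isdecimal() or not sigs:
        return "malformed_header", None
    timestamp = int(stamps[0])
    expected = sign(payload, secret, timestamp).split("v1=", 1)[1].encode()
    # Constant-time compare; a header may carry more than one v1 value.
    if not any(hmac.compare_digest(expected, s.encode()) for s in sigs):
        return "bad_signature", None
    skew = now - timestamp
    # Assumption: reject in both directions, matching "differs by more than".
    if abs(skew) > tolerance:
        return "timestamp_out_of_tolerance", skew
    return "ok", skew


def demo():
    header = sign(BODY, SECRET, SENT_AT)
    return {
        "clock_in_sync": check_event(BODY, header, SECRET, now=SENT_AT + 2),
        "clock_6min_fast": check_event(BODY, header, SECRET, now=SENT_AT + 360),
        "tampered_body": check_event(BODY + b" ", header, SECRET, now=SENT_AT + 2),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

Logging the returned skew alongside the status separates clock drift from a wrong secret or altered body, which no tolerance setting will fix.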
Ineffective attempts
Common but ineffective approaches:
- 100% failure: Exposes the endpoint to replay attacks and invalid events.
- 80% failure: Clock drift is a symptom; manual adjustment is temporary and may break other services.