NextJS provides file based routing, even for API routes. API routes are files that are created inside of the pages/api
folder. By default the API route tries to be as helpful as possible, meaning it will parse the request body based upon the incoming Content-Type
in the headers.
So when a POST
comes in with Content-Type
application/json
you can expect that req.body
will be the parsed payload.
One issue is that with Stripe it needs to use the raw payload to validate the request actually originated from Stripe. You should always validate your Stripe webhook requests, if someone found out your webhook URL you could have people sending fake requests.
To disable this default parsing behavior API routes from Next.js have a config
export option. If you export config
you can set false
on api.bodyParser
. This will disable the above behavior and allow us to verify the raw request.
#nextjs #api