NextJS provides file based routing, even for API routes. API routes are files that are created inside of the pages/api folder. By default the API route tries to be as helpful as possible, meaning it will parse the request body based upon the incoming Content-Type in the headers.

So when a POST comes in with Content-Type application/json you can expect that req.body will be the parsed payload.

One issue is that with Stripe it needs to use the raw payload to validate the request actually originated from Stripe. You should always validate your Stripe webhook requests, if someone found out your webhook URL you could have people sending fake requests.

To disable this default parsing behavior API routes from Next.js have a config export option. If you export config you can set false on api.bodyParser. This will disable the above behavior and allow us to verify the raw request.

#nextjs #api

Stripe Webhook Verification with NextJS
4.65 GEEK