Webhook signature verification fails when body is parsed before validation
critical | configuration | Updated Mar 5, 2026 (via Exa)
How to detect:
Stripe webhook signature verification fails with 'No signatures found matching the expected signature for payload' when middleware parses the request body (e.g., express.json()) before the webhook handler runs. Stripe requires the raw bytes exactly as sent.
Recommended action:
Place the webhook route before the global JSON parsing middleware. Use express.raw({ type: '*/*' }) only on the webhook endpoint so the handler receives the raw bytes. Example: app.post('/webhook', express.raw({ type: '*/*' }), handler), then app.use(express.json()) for the other routes.
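Why a parsed body can never verify, shown as an added example (not code from this page or from Stripe's library): it reimplements the documented `t=`/`v1=` HMAC-SHA256 check with Node's built-in crypto. The secret, event body, timestamp and 300-second tolerance are constructed assumptions.

```javascript
const crypto = require('node:crypto');

// Constructed sample values, not real Stripe data.
const SECRET = 'whsec_example_constructed_secret';
const TOLERANCE_SECONDS = 300; // assumed replay window

// Sender side: HMAC-SHA256 over "<timestamp>.<raw body bytes>".
function sign(rawBody, timestamp, secret) {
  return crypto.createHmac('sha256', secret)
    .update(`${timestamp}.`).update(rawBody).digest('hex');
}

// Parse "t=...,v1=...,v1=..." into a timestamp and candidate signatures.
function parseHeader(header) {
  const out = { t: null, v1: [] };
  for (const part of String(header).split(',')) {
    const i = part.indexOf('=');
    if (i < 0) continue;
    const k = part.slice(0, i).trim(), v = part.slice(i + 1).trim();
    if (k === 't') out.t = Number(v);
    else if (k === 'v1') out.v1.push(v);
  }
  return out;
}

// Receiver side: rawBody must be the Buffer exactly as received.
function verify(rawBody, header, secret, now = Math.floor(Date.now() / 1000)) {
  if (!Buffer.isBuffer(rawBody)) return false; // already parsed: cannot verify
  const { t, v1 } = parseHeader(header);
  if (!Number.isInteger(t) || v1.length === 0) return false;
  if (Math.abs(now - t) > TOLERANCE_SECONDS) return false; // stale or replayed
  const expected = Buffer.from(sign(rawBody, t, secret), 'hex');
  return v1.some((sig) => {
    const got = Buffer.from(sig, 'hex');
    return got.length === expected.length && crypto.timingSafeEqual(got, expected);
  });
}

// Constructed event body, with the whitespace a sender might emit.
const NOW = 1700000000;
const wireBody = Buffer.from('{\n  "id": "evt_example",\n  "type": "payment_intent.succeeded"\n}');
const header = `t=${NOW},v1=${sign(wireBody, NOW, SECRET)}`;

// What a handler holds after express.json(): an object; re-serializing changes the bytes.
const parsed = JSON.parse(wireBody.toString('utf8'));
const reserialized = Buffer.from(JSON.stringify(parsed));
console.log({ raw: verify(wireBody, header, SECRET, NOW),
  reserialized: verify(reserialized, header, SECRET, NOW) });
```

Only the untouched wire bytes verify; the re-serialized copy carries the same JSON content but different whitespace, so its HMAC differs.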