`POST` request to API route returning `Forbidden`

Unanswered

Standard Chinchilla posted this in #help-forum

Standard ChinchillaOP

2024-06-22T05:57:03.200Z

export default async function handler(req: NextApiRequest, res: NextApiResponse) {
  if (req.method !== "POST") {
    res.status(405).send({ message: "Only POST requests allowed" });
    return;
  }
  switch (req.body.webhook_type) {
    case "customer.subscription.updated": {
      console.log(req.body);
    }

I have an api route as such but for some reason when sending a post request it returns 403

33 Replies

Standard ChinchillaOP

2024-06-22T05:57:23.856Z

this works fine

anyone can help me with this?

@Standard Chinchilla tsx export default async function handler(req: NextApiRequest, res: NextApiResponse) { if (req.method !== "POST") { res.status(405).send({ message: "Only POST requests allowed" }); return; } switch (req.body.webhook_type) { case "customer.subscription.updated": { console.log(req.body); } I have an api route as such but for some reason when sending a post request it returns 403

joulev

2024-06-22T06:02:37.062Z

https://nextjs-faq.com/route-handler-using-pages-router-syntax

Standard ChinchillaOP

2024-06-22T06:04:45.643Z

sane

same error

export async function POST(req: NextApiRequest, res: NextApiResponse) {
  // Handle POST requests
  switch (req.body.webhook_type) {
    case "customer.subscription.updated": {
      console.log(req.body);
    }
    case "invoice.payment_failure": {
      const { payment_provider_invoice_payment_error } = req.body;
      await prisma.employer.update({
        where: {
          id: payment_provider_invoice_payment_error.external_customer_id,
        },
        data: {
          subscriptionStatusMonthly: "INACTIVE",
        },
      });
      break;
    }
    case "customer.subscription.deleted": {
      const { customer } = req.body.data;
      const employer = await prisma.employer.findFirst({
        where: {
          customerId: customer,
        },
      });
      if (!employer) {
        return;
      }
      await prisma.employer.update({
        where: {
          id: employer.id,
        },
        data: {
          subscriptionStatusMonthly: SubscriptionStatus.INACTIVE,
          subscriptionIdMonthly: null,
        },
      });
    }
    default: {
      console.log("STRIPE BODY", req.body);
    }
  }
}

saem 403

joulev

2024-06-22T06:05:25.957Z

read the post again.

it's longer than you think.

Standard ChinchillaOP

2024-06-22T06:05:59.374Z

I am in pages router only

forgot to mention that

joulev

2024-06-22T06:06:24.713Z

huh pages router? so it is pages/api/stripe-webhook.ts?

not app/api/stripe-webhook/route.ts?

Standard ChinchillaOP

2024-06-22T06:06:40.712Z

yes yes

joulev

2024-06-22T06:06:55.872Z

oh then ignore whatever i said, sorry. thought you were using the app router

do you have a middleware or something

Standard ChinchillaOP

2024-06-22T06:07:30.030Z

➜ ls ./src/pages/api --tree
 ./src/pages/api
├──  cron-webhook.ts
├──  link
│  └──  google-calendar
│     ├──  callback.ts
│     └──  index.ts
├──  stripe-webhook.ts
└──  trpc
   └──  [trpc].ts

These are my pages routess

joulev

2024-06-22T06:08:25.701Z

do you have a middleware running that might interfere with the request in any way?

because the code looks good

Standard ChinchillaOP

2024-06-22T06:09:34.212Z

Nah

I don't believe i do

oh actually sec

lemme be sure

joulev

2024-06-22T06:10:51.715Z

export default async function handler(req: NextApiRequest, res: NextApiResponse) {
  if (req.method !== "POST") {
    res.status(405).send({ message: "Only POST requests allowed" });
    return;
  }
  console.log(req.body);
  res.status(200).send("OK");
}

does this work?

Standard ChinchillaOP

2024-06-22T06:10:55.497Z

oh i did

i did had a middleware for POST

my bad

joulev

2024-06-22T06:11:20.916Z

oh so you did have a middleware, it's for auth or something like that right? then yes that is why you are getting 403 here

Standard ChinchillaOP

2024-06-22T06:11:25.778Z

yea

thanks