diff --git a/apps/logicsrc-web/contract/logicsrc-web.contract.test.ts b/apps/logicsrc-web/contract/logicsrc-web.contract.test.ts
index ad12321..ff2640b 100644
--- a/apps/logicsrc-web/contract/logicsrc-web.contract.test.ts
+++ b/apps/logicsrc-web/contract/logicsrc-web.contract.test.ts
@@ -408,6 +408,7 @@ describe("POST /api/webhooks/coinpay", () => {
 const signature = createHmac("sha256", secret).update(`${timestamp}.${payload}`).digest("hex");
 expect(verifyCoinPayWebhook(payload, `t=${timestamp},v1=${signature}`, secret)).toBe(true);
+ expect(verifyCoinPayWebhook(payload, `t=${timestamp}, v1=${signature}`, secret)).toBe(true);
 const response = await coinpayWebhook(
 new NextRequest("http://localhost/api/webhooks/coinpay", {
diff --git a/apps/logicsrc-web/src/lib/coinpay.ts b/apps/logicsrc-web/src/lib/coinpay.ts
index aaa9fb9..2e21319 100644
--- a/apps/logicsrc-web/src/lib/coinpay.ts
+++ b/apps/logicsrc-web/src/lib/coinpay.ts
@@ -114,7 +114,7 @@ export function verifyCoinPayWebhook(
 }
 try {
- const parts = signatureHeader.split(",");
+ const parts = signatureHeader.split(",").map((part) => part.trim());
 const timestamp = parts.find((part) => part.startsWith("t="))?.slice(2);
 const signature = parts.find((part) => part.startsWith("v1="))?.slice(3);
 if (!timestamp || !signature) {
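Review bot: The added assertion in logicsrc-web.contract.test.ts pins only the accept path for the spaced header form (`t=…, v1=…`); nothing in this hunk checks that the more lenient parser still rejects a bad signature written that way. Unless a case outside the hunk already covers it, add a matching assertion that the same spaced header with a wrong `v1` value (for example `"0".repeat(64)`) returns `false`, so that a later change to the parsing cannot turn tolerance into acceptance unnoticed. The enclosing test body starts before and continues past the hunk.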
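Review bot: The relaxed parsing on the new `parts` line in coinpay.ts is undocumented, and the two `find` calls after it still take the first `t=` and the first `v1=` element, so a header with repeated elements is accepted with whichever comes first. A comment such as `// Allow optional whitespace around comma-separated elements; only the first t= and v1= are used` would pin the accepted format, and refusing a header that carries more than one `t=` element would remove the ambiguity. The digest comparison and any timestamp freshness check sit outside this hunk, so it is worth confirming there that the comparison is constant-time and that stale timestamps are refused. verifyCoinPayWebhook starts before and continues past the hunk.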