I have registered a webhook and provided a secret as documented on https://www.weavy.com/docs/backend/webhooks.
When the payload is delivered to my url I want to verify the signature, but I can't seem to get the calculation correct. What am I doing wrong?
Here is the code I'm using:
    public static bool Verify(string signature, string body, string secret)
    {
        using (var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(secret)))
        {
            var hashBytes = hmac.ComputeHash(Encoding.UTF8.GetBytes(body));
            var hash = Encoding.UTF8.GetString(hashBytes);
            return signature.Equals(hash);
        }
    }
CodePudding user response:
The documentation says the signature is an HMAC hex digest, so instead of converting hashBytes to a UTF-8 string you should convert it to a hexadecimal string.
    public static bool Verify(string signature, string body, string secret)
    {
        // Key the HMAC with the UTF-8 bytes of the webhook secret.
        using (var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(secret)))
        {
            var hashBytes = hmac.ComputeHash(Encoding.UTF8.GetBytes(body));
            // Hex-encode the digest (lower case) rather than decoding it as text.
            var hash = Convert.ToHexString(hashBytes).ToLowerInvariant();
            return signature.Equals(hash);
        }
    }