Home > other >  PayPal Webhook HTTP header does not include webhook id
PayPal Webhook HTTP header does not include webhook id

Time:07-01

I'm getting the following header from the PayPal sandbox in Python/Flask:

request_headers = request.headers

print(request_headers)

Host: www.mysite.com
Content-Length: 1306
Accept: */*
Paypal-Transmission-Id: ****
Paypal-Transmission-Time: 2022-06-30T11:39:45Z
Paypal-Transmission-Sig: ****
Paypal-Auth-Version: v2
Paypal-Cert-Url: https://api.sandbox.paypal.com/v1/notifications/certs/CERT-*****
Paypal-Auth-Algo: SHA256withRSA
Content-Type: application/json
User-Agent: PayPal/AUHD-****
Correlation-Id: ****
Cal-Poolstack: amqunphttpdeliveryd:UNPHTTPDELIVERY*CalThreadId=0*TopLevelTxnStartTime=****Host=***
X-B3-Spanid: ***
Client-Pid: ****
X-Cloud-Trace-Context:***
X-Appengine-City: ?
X-Appengine-Citylatlong: 0.000000,0.000000
X-Appengine-Country: US
X-Appengine-Region: ?
Via: 1.1 google
X-Forwarded-For: ***,***
X-Forwarded-Proto: https

Unfortunately, there is no webhookId as decribed in the documentation, nor a validation signature with this shape:

<transmissionId>|<timeStamp>|<webhookId>|<crc32>

Is it because of the sandbox environment? How can know if the payment comes from Paypal and is not a fraud?

CodePudding user response:

The webhook id used for verification is not included in the header since if it was, it could be spoofed by someone delivering a malicious/fake webhook.

The webhook id is returned when you subscribe to webhooks via API or in the web interface, and can be looked up in the REST APP management interface (or queried via the list webhooks API as well)

Page link:https//www.codepudding.com/other/460475.html

Prev:summing based on conditions from two dataframes and dealing with dates
Next:Flask: injection of the "client" parameter using pytest fixture
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding