Issues

Issues

Ask a Question
Back to All

How to verify webhook

over 1 year ago by Kay

Hello, we are having issues trying to verify webhook comparing the generated signature and that returned in one of the ones sent in the svix-signature header.

This is the code below.

const getWebhookSignature = (svixId, svixTimestamp, body) => {
  
    const signedContent = `${svixId}.${svixTimestamp}.${body}`
    const secret = process.env.MAPRALAD_WEBHOOK_SECKEY; // your webhook secret 

    // Need to base64 decode the secret
    const secretBytes = new Buffer(secret.split('_')[1], "base64");
    const signature = crypto
        .createHmac('sha256', secretBytes)
        .update(signedContent)
        .digest('base64');
  
    console.log(signature);
    return signature
}

exports.webhookResponse = async(req, res) =>{

    res.status(200).send()
    console.log(req.body)
      const body = req.body
          
          const svixId = req.headers["svix-id"]
          const svixTimestamp = req.headers["svix-timestamp"]
          const svixSignature = req.headers["svix-signature"]
          
          const signature = getWebhookSignature(svixId, svixTimestamp, body)
          console.log(signature)
          console.log(svixSignature.substring(3))
  //to check
  if(svixSignature === signature){
  //rest code
  }
  
  
}

The issue is that the svixSignature and signature are never the same. Please what mistake is been made here?