Solved

Webhook Signing Issue

2 years ago
March 24, 2023
1 reply
84 views

pickleball
Novice
2 replies

Looks like we’re having issues with a subset of our webhook requests which have emoji’s in the body.

We’ve tested bodies without and the encryption method we have works.


def is_valid_cio_webhook_request(xcio_signature: str,
                                 xcio_timestamp: int,
                                 body_bytes: bytes,
                                 webhook_signing_secret: str = CUSTOMERIO_API_WEBHOOK_SIGNING_KEY
                                 ) -> bool:


    signature = codecs.decode(xcio_signature, 'hex')
    message = f"v0:{xcio_timestamp}:"
    mac = hmac.new(bytes(webhook_signing_secret, 'utf-8'), msg=message.encode('utf-8'), digestmod=hashlib.sha256)
    mac.update(body_bytes)
    computed = mac.digest()
    if not hmac.compare_digest(computed, signature):
        logging.debug("Signature didn't match")
        return False
    logging.debug("Signature matched!")
    return True

Best answer by pickleball

Solution found: the bytes string being passed in wasnt correct:

When converting the dict to bytestring we needed to add ensure_ascii=False for it to work with emojis.

json.dumps(request_body, separators=(',', ':'), ensure_ascii=False).encode('utf-8')

View original

Did this topic help you find an answer to your question?

pickleball
Author
Novice
2 replies
Answer
2 years ago
March 24, 2023

Solution found: the bytes string being passed in wasnt correct:

When converting the dict to bytestring we needed to add ensure_ascii=False for it to work with emojis.

json.dumps(request_body, separators=(',', ':'), ensure_ascii=False).encode('utf-8')

Reply

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

Cookie settings

We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.

Basic
Functional

Normal
Functional + analytics

Complete
Functional + analytics + social media + embedded videos

Reply

Related topics

How would you do HMAC request signing before triggering a webhook ?icon

Typeform + CIO - Can I see previous responses?icon

Webhook throttlingicon

Using Webhooks to send SMS

Webhook-Triggered Campaigns vs Events

Most helpful members this week

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings