Looks like we’re having issues with a subset of our webhook requests which have emoji’s in the body.
We’ve tested bodies without and the encryption method we have works.
def is_valid_cio_webhook_request(xcio_signature: str,
xcio_timestamp: int,
body_bytes: bytes,
webhook_signing_secret: str = CUSTOMERIO_API_WEBHOOK_SIGNING_KEY
) -> bool:
signature = codecs.decode(xcio_signature, 'hex')
message = f"v0:{xcio_timestamp}:"
mac = hmac.new(bytes(webhook_signing_secret, 'utf-8'), msg=message.encode('utf-8'), digestmod=hashlib.sha256)
mac.update(body_bytes)
computed = mac.digest()
if not hmac.compare_digest(computed, signature):
logging.debug("Signature didn't match")
return False
logging.debug("Signature matched!")
return True