Webhook Signing Issue

Question

Looks like we’re having issues with a subset of our webhook requests which have emoji’s in the body.

We’ve tested bodies without and the encryption method we have works.


def is_valid_cio_webhook_request(xcio_signature: str,
                                 xcio_timestamp: int,
                                 body_bytes: bytes,
                                 webhook_signing_secret: str = CUSTOMERIO_API_WEBHOOK_SIGNING_KEY
                                 ) -> bool:


    signature = codecs.decode(xcio_signature, 'hex')
    message = f"v0:{xcio_timestamp}:"
    mac = hmac.new(bytes(webhook_signing_secret, 'utf-8'), msg=message.encode('utf-8'), digestmod=hashlib.sha256)
    mac.update(body_bytes)
    computed = mac.digest()
    if not hmac.compare_digest(computed, signature):
        logging.debug("Signature didn't match")
        return False
    logging.debug("Signature matched!")
    return True

icon

Best answer by pickleball 24 March 2023, 02:45

View original

pickleball · Accepted Answer

Solution found: the bytes string being passed in wasnt correct: When converting the dict to bytestring we needed to addensure_ascii=False for it to work with emojis.json.dumps(request_body, separators=(',', ':'), ensure_ascii=False).encode('utf-8')

Webhook Signing Issue

1 reply

Reply

Reply

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded