Solved

Webhook Signing Issue

  • 24 March 2023
  • 1 reply
  • 48 views

Looks like we’re having issues with a subset of our webhook requests which have emoji’s in the body.

We’ve tested bodies without and the encryption method we have works.


def is_valid_cio_webhook_request(xcio_signature: str,
xcio_timestamp: int,
body_bytes: bytes,
webhook_signing_secret: str = CUSTOMERIO_API_WEBHOOK_SIGNING_KEY
) -> bool:


signature = codecs.decode(xcio_signature, 'hex')
message = f"v0:{xcio_timestamp}:"
mac = hmac.new(bytes(webhook_signing_secret, 'utf-8'), msg=message.encode('utf-8'), digestmod=hashlib.sha256)
mac.update(body_bytes)
computed = mac.digest()
if not hmac.compare_digest(computed, signature):
logging.debug("Signature didn't match")
return False
logging.debug("Signature matched!")
return True

 

icon

Best answer by pickleball 24 March 2023, 02:45

View original

1 reply

Solution found: the bytes string being passed in wasnt correct: 

When converting the dict to bytestring we needed to add ensure_ascii=False for it to work with emojis.

json.dumps(request_body, separators=(',', ':'), ensure_ascii=False).encode('utf-8')

Reply