Verify webhook / Simulate Webhook Request issues

[6juara9]

It seems like these 2 pages works incorrectly for standard webhook type:

• https://www.standardwebhooks.com/simulate
• https://www.standardwebhooks.com/verify

I tried to verify my own created webhook and also simulated using this page but it is different from the description in specs + different from multiple online clients.

PS: I know that it appends v1 prefix but still it is different, see the pictures below. Shopify webhook type works correctly on the other hand (probably other types as well)

Simulated one

• https://www.standardwebhooks.com/simulate

Other clients

• https://www.devglan.com/online-tools/hmac-sha256-online

• https://www.javainuse.com/hmac

[J0]

Hi,

I was able to successfully use the tools recently to verify and simulate a request payload. I think the secret key prefix is dropped before signing and the key comes encoded in base64 for the standard webhook payload

If working with a vanilla HMAC signing tool you might need to drop the whsec_ and use a base64 decoded secret to get a similar result. If you paste the relevant code snippets as text I might be able to help check / debug.

Hope this helps!

[6juara9]

Ohhh, yep it works with base64 encode secret, thank you @J0 🥇

[tasn]

Whoops, I completely missed this ticket. Thanks @J0!