This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
Using the X-Signature header with sha256 hash of message body #4321
Labels
You can continue the conversation there. Go to discussion →
First Check
Commit to Help
Example Code
Description
This isn't a problem with FastAPI, but an issue I'd appreciate any advice on.
I'm writing a small api server to receive webhook posts from a commercial provider.
They include the
X-Signature header
which they say is"generated by SHA256 hashing the JSON body and then building a SHA256 HMAC with the body hash as the data/content and your webhook secret as the key. "
As far as I understand, my attached code should do this, but when I run it, and it prints both their X-Sig header and the hash that I generate they never match.
I was hoping someone could offer some advice on whether I'm doing something obviously wrong.
For reference, this is some sample php code that they say will generate the required hash to match their own.
$json = file_get_contents('php://input'); $secret = "0d45982a10e3a072d0c1261c55dd9918"; $signature = hash_hmac('sha256', hash('sha256', $json), $secret);
Operating System
Linux, Windows
Operating System Details
No response
FastAPI Version
0.70.1
Python Version
3.9.9
Additional Context
No response
The text was updated successfully, but these errors were encountered: