gocardless webhook signature mismatch

Asked Nov 05 '16 at 15:12

Active Jun 24 '18 at 08:29

Viewed 211 times

I am going through the gocardless getting started guide, but when I try to setup a webhook (sandbox mode), I don't get the correct value.

The code is copy-pasted from https://developer.gocardless.com/getting-started/api/staying-up-to-date-with-webhooks/#building-a-webhook-handler

and looks like this

computed_signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'),
                                             secret,
                                             request.raw_post)

provided_signature = request.headers['Webhook-Signature']

Rack::Utils.secure_compare(provided_signature, computed_signature)

# => false

What am I missing? Thanks for any help

edited Jun 24 '18 at 08:29

dmulter

2,608
3
15
24

asked Nov 05 '16 at 15:12

xijo

4,366
4
23
30

What is the problem and what is the question? Do you have an expected output, and observed output, or an error code? – jww Nov 06 '16 at 01:54
Expected would be that Rack::Utils.secure_compare returns true, but it doesn't. The both checksums differ and I don't see a reason for that, because it's the example code from their guide. – xijo Nov 06 '16 at 07:28

gocardless webhook signature mismatch

0 Answers0