Bug in verify_gateway_signature for python


(Edward Emanuel) #1

I found a mistake in the Webhooks guide. The verify_gateway_signature method for python (found here: https://developers.dwolla.com/guides/webhooks/03-validating-webhooks.html) is incorrect.

The webhook_secret should be the first argument to hmac.new like this:

signature = hmac.new(webhook_secret, payload_body, sha256).hexdigest()

As seen in the documentation here: https://docs.python.org/2/library/hmac.html?highlight=new#hmac.new


(Spencer Hunter) #2

Thanks for pointing this out @Edward_Emanuel! See the fix here. We welcome PRs as well! :slight_smile: