What is payload_body in verifyGatewaySignature function?


(Dead Cham7) #1

I implemented webhook verfication looking at
https://developers.dwolla.com/guides/webhooks/validating-webhooks.html
that is
var verifyGatewaySignature = function(proposed_signature, webhook_secret, payload_body) {
var crypto = require('crypto');

var hash = crypto.createHmac('sha256', webhook_secret).update(payload_body).digest('hex');

return proposed_signature === hash;
}

but I could not figure out what exactly is payload_body from documentation therefore getting wrong hash value.

I am having hard time trying to figure out correct argument for the verifyGatewaytSignature function.
I call the function using these argument right now but hash result is different from that is from req.headers[‘x-request-signature-sha-256’].

Right now I use webhook secret and payload_body.body.id to supply createHmac but I could not figure out what exactly is payload_body from documentation.

I call the function with these parameter from api router:
if(!dwollaClient.verifyGatewaySignature(req.headers['x-request-signature-sha-256'],'your webhook secret', req))

exports.verifyGatewaySignature=function(proposed_signature,webhook_secret,payload_body){
var crypto = require('crypto');
var hash = crypto.createHmac('sha256',webhook_secret).update(payload_body.body.id).digest('hex')
return proposed_signature === hash; }

Webhook subscription requestbody:
var requestBody = { url: ' https://lazy-fish.localtunnel.me', secret: 'your webhook secret' };


(Shreya Thapa) #2

Hi, thank you for your question.

Are you passing in the raw HTTP request body that Dwolla sends? The webhook payload will be JSON encoded and shouldn’t be re-encoded. You’ll just need to pass in the raw JSON body ‘payload_body’, and not just the id ‘payload_body.body.id’.

Here is an example of what the webhook payload looks like: https://developers.dwolla.com/guides/webhooks/#example-webhook-payload

We would be happy to help you with any more questions.