https://community.developer.cybersource.com/t5/Integration-and-Testing/Wehbook-post-request-header-hash-not-always-matching/m-p/62843#M37090 <P>Hi. I cannot explain the behavior you are seeing, but am on the Authorize.net Webhooks development team, and will talk to my colleagues about this.</P><P>&nbsp;</P><P>A couple of questions to get context on your situation:</P><P>&nbsp;</P><P>Are you able to say how often the hash matches, and how often it does not? (rough percentages)</P><P>Are you now just starting to use webhooks in production (and observing the hash match failure) or have you previously been using webhooks without observing this problem?</P><P>&nbsp;</P><P>Thanks, I will update you as soon as I can.</P><P>&nbsp;</P><P>BobQ</P> Thu, 26 Apr 2018 01:06:47 GMT bobq 2018-04-26T01:06:47Z https://community.developer.cybersource.com/t5/Integration-and-Testing/Wehbook-post-request-header-hash-not-always-matching/m-p/62826#M37073 <P>Upon receiving the webhook post request we hash the request body using HMAC-SHA12 and our signature key (to binary) and then compare&nbsp;the result with the X-ANET header hash sent.</P><P>&nbsp;</P><P>Sometimes it matches, sometimes it does not. This only happens with production credentials, not sandbox.&nbsp;&nbsp;</P><P>&nbsp;</P><P>What could be&nbsp;causing&nbsp;this?</P><P>&nbsp;</P><P>Thanks</P> Wed, 25 Apr 2018 13:58:48 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/Wehbook-post-request-header-hash-not-always-matching/m-p/62826#M37073 naivysr_2018Dev 2018-04-25T13:58:48Z https://community.developer.cybersource.com/t5/Integration-and-Testing/Wehbook-post-request-header-hash-not-always-matching/m-p/62843#M37090 <P>Hi. I cannot explain the behavior you are seeing, but am on the Authorize.net Webhooks development team, and will talk to my colleagues about this.</P><P>&nbsp;</P><P>A couple of questions to get context on your situation:</P><P>&nbsp;</P><P>Are you able to say how often the hash matches, and how often it does not? (rough percentages)</P><P>Are you now just starting to use webhooks in production (and observing the hash match failure) or have you previously been using webhooks without observing this problem?</P><P>&nbsp;</P><P>Thanks, I will update you as soon as I can.</P><P>&nbsp;</P><P>BobQ</P> Thu, 26 Apr 2018 01:06:47 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/Wehbook-post-request-header-hash-not-always-matching/m-p/62843#M37090 bobq 2018-04-26T01:06:47Z https://community.developer.cybersource.com/t5/Integration-and-Testing/Wehbook-post-request-header-hash-not-always-matching/m-p/62878#M37111 <P>Hi! thanks for taking the time to answer.</P><P>&nbsp;</P><P>We found the issue and it's silly simple.</P><P>&nbsp;</P><P>Auth.net hashes the payload amounts&nbsp;with&nbsp;decimal zeroes, e.x: 0.30.</P><P>&nbsp;</P><P>Our api is written in&nbsp;NodeJS&nbsp;and the default body parser we had in place was parsing the request body to a JSON&nbsp;and removing&nbsp;decimal zeroes, which&nbsp;don't not exist in js, and that was what we were hashing which was causing the mismatch. So payloads with amounts like 1.00, 1.10 were not being hashed correctly on our end.</P><P>&nbsp;</P><P>So, the fix for this was setting the body parser to take the body as a string which preserves the amount as we need<SPAN>&nbsp;</SPAN>it.</P><P>&nbsp;</P><P>Thanks&nbsp;<SPAN>BobQ, hope this helps other&nbsp;developers&nbsp;facing the same problem.</SPAN></P> Mon, 30 Apr 2018 17:24:45 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/Wehbook-post-request-header-hash-not-always-matching/m-p/62878#M37111 naivysr_2018Dev 2018-04-30T17:24:45Z