Webhook X-Anet-Signature validation problem C#

jerry — Mon, 24 Apr 2023 20:14:45 GMT

When my transactionRequest.amount equal a 100.00 I can't match in X-Anet-Signature , if it is 100.11, or other amount with two decimal points can match X-Anet-Signature：like 155.94 ,it is ok

This is my C# Get HPP Code:

var transactionRequest = new transactionRequestType
{
transactionType = !ispreauth ? transactionTypeEnum.authCaptureTransaction.ToString() : transactionTypeEnum.authOnlyTransaction.ToString(), // authorize capture only
amount = amount,
profile = new customerProfilePaymentType()
{
customerProfileId = myprofileid,
},
order = new orderType()
{
invoiceNumber = formid,
description = ""
},
};

var request = new getHostedPaymentPageRequest();
request.transactionRequest = transactionRequest;
request.hostedPaymentSettings = settingslist.ToArray();
request.merchantAuthentication = merchantAuthentication;

// instantiate the controller that will call the service
var controller = new getHostedPaymentPageController(request);
controller.Execute(runEnvironment);

This is my webhook CheckToken Code:

public static bool CheckTokens(string signatureKey, string jsonRawBody, string AnetSignature)
{
if (String.IsNullOrEmpty(jsonRawBody)) return false;
if (String.IsNullOrEmpty(AnetSignature)) return false;
if (String.IsNullOrEmpty(signatureKey)) return false;

// generate the shaw token
var token = GetSHAToken(jsonRawBody, signatureKey);
if (String.IsNullOrEmpty(token)) return false;

return AnetSignature.Equals(token, StringComparison.OrdinalIgnoreCase);
}

static private string GetSHAToken(string data, string key)
{
// use Encoding.ASCII.GetBytes or Encoding.UTF8.GetBytes
byte[] keyBytes = Encoding.ASCII.GetBytes(key);
byte[] bodyBytes = Encoding.ASCII.GetBytes(data);
using (var hmac = new HMACSHA512(keyBytes))
{
byte[] hashBytes = hmac.ComputeHash(bodyBytes);
string computedSignature = BitConverter.ToString(hashBytes).Replace("-", "");

return computedSignature;
}
}

Success response:

X-Anet-Signature：

sha512=8B681B20F71C03A1EF29AD143FA69208DE30AE3B3479B1DA3B145574792AC8B1BDC65CBA8AE4BB33A43D153346DB8BE59C328CCF0219C90E202AB2CB7114356C

Body:

{"notificationId":"1a3e3187-d4a2-4789-8b50-2232347abb9c","eventType":"net.authorize.payment.authcapture.created","eventDate":"2023-04-24T17:08:18.600636Z","webhookId":"231a1387-1f73-4dc2-9376-1e874b1be836","payload":{"responseCode":1,"authCode":"50SMK4","avsResponse":"Y","authAmount":155.94,"invoiceNumber":"20230424170807229","entityName":"transaction","id":"60215674752"}}

Error Reponse:

X-Anet-Signature：sha512=D636BEE76B7FB85079E95347000C8689C44026745A9123A588768273CD4FE43228ED472A34AFFCD30FA743793A30FA479C536CEC51FBADF46D2E85B3BE614FF1

Body：

{"notificationId":"5018bb26-0cb1-4d93-8b95-4f750b962ab6","eventType":"net.authorize.payment.authcapture.created","eventDate":"2023-04-24T19:33:37.2940108Z","webhookId":"231a1387-1f73-4dc2-9376-1e874b1be836","payload":{"responseCode":1,"authCode":"HGOSNF","avsResponse":"Y","authAmount":100.0,"invoiceNumber":"20230424193316292","entityName":"transaction","id":"60215683565"}}

I promise to use the same signatureKey，I don't quite understand if I set amount to 100.00, but the webhook returns 100.0 to me has anything to do with it，I've also tried replacing C# requests with HTTP POST methods and I tried to set amount to 100 or 100.0 or 100.00 , But it never matched.

Re: Webhook X-Anet-Signature validation problem C#

mihcaelmark834 — Mon, 05 Jun 2023 13:40:02 GMT

thanks for sharing

topic Webhook X-Anet-Signature validation problem C# in Integration and Testing

Webhook X-Anet-Signature validation problem C#

Re: Webhook X-Anet-Signature validation problem C#