https://community.developer.cybersource.com/t5/Integration-and-Testing/The-verification-of-the-webhook-signature-is-contingent-on-the/m-p/88640#M55856 <P>Hello,</P><P>I've come across an unusual scenario where the validity of a signature is contingent on the amount provided. In summary, if the authAmount in the returned webhook body is in the format #.## (e.g., 1.01 or 2.01), the signature verification is successful. However, if authAmount is in the format *.# or * (e.g., 1.1 or 2), the signature verification fails.</P><P>Here's an example of a webhook with an amount of 1.1:</P><P>Sandbox Environment (Live Mode)</P><P>My Signature Key:<BR />A6214F6105625D5ED957CF02E749BB440DBD4E418533D219CAD26AECD104BFFE7F47DBBE5C81927CCA484AE7722BE82CE57FB5318EDE02122277A2FE90EE68EB</P><P>Webhook Notification Body:</P><P>json<BR />Copy code<BR />{"notificationId":"570f7282-687a-42b7-903b-48e487d7694d","eventType":"net.authorize.payment.authcapture.created","eventDate":"2023-12-12T12:45:09.3492643Z","webhookId":"a585ea29-a370-495a-bd83-f9be7160f260","payload":{"responseCode":1,"avsResponse":"P","authAmount":1.1,"merchantReferenceId":"2M4zHFzshYBudvgIZ11B","entityName":"transaction","id":"120011377052"}}<BR />My Local Hash Result:<BR />sha512=0B031880F04DD8D6C98F06A234032575B19393716F7FCE84C62D4901F257D29808DF520CEFCD0225FE4374697769B6A2ED336B463031EA861C73F3396357A605</P><P>x-anet-signature:<BR />sha512=8E3D41B0191A9A1E668FB729F350B73C6BBB81D676070FE7CFF001CA2543ABA91BD16A4374A0F6FA4542659728C7DAF79D7EC901FEC582FC2DA3263A2D604DCF</P><P>As you can see, the result hash is different. However, if I manually change the body from "authAmount":1.1 to "authAmount":1.10 (although this is not what the client side should do), the hash becomes:</P><P>Manually Changed Hash:<BR />sha512=8E3D41B0191A9A1E668FB729F350B73C6BBB81D676070FE7CFF001CA2543ABA91BD16A4374A0F6FA4542659728C7DAF79D7EC901FEC582FC2DA3263A2D604DCF</P><P>This hash matches the x-anet-signature header.</P><P>Could someone provide assistance in resolving this situation?</P><P>Thanks in advance.</P> Wed, 17 Jan 2024 13:52:23 GMT Mathew312 2024-01-17T13:52:23Z https://community.developer.cybersource.com/t5/Integration-and-Testing/The-verification-of-the-webhook-signature-is-contingent-on-the/m-p/88640#M55856 <P>Hello,</P><P>I've come across an unusual scenario where the validity of a signature is contingent on the amount provided. In summary, if the authAmount in the returned webhook body is in the format #.## (e.g., 1.01 or 2.01), the signature verification is successful. However, if authAmount is in the format *.# or * (e.g., 1.1 or 2), the signature verification fails.</P><P>Here's an example of a webhook with an amount of 1.1:</P><P>Sandbox Environment (Live Mode)</P><P>My Signature Key:<BR />A6214F6105625D5ED957CF02E749BB440DBD4E418533D219CAD26AECD104BFFE7F47DBBE5C81927CCA484AE7722BE82CE57FB5318EDE02122277A2FE90EE68EB</P><P>Webhook Notification Body:</P><P>json<BR />Copy code<BR />{"notificationId":"570f7282-687a-42b7-903b-48e487d7694d","eventType":"net.authorize.payment.authcapture.created","eventDate":"2023-12-12T12:45:09.3492643Z","webhookId":"a585ea29-a370-495a-bd83-f9be7160f260","payload":{"responseCode":1,"avsResponse":"P","authAmount":1.1,"merchantReferenceId":"2M4zHFzshYBudvgIZ11B","entityName":"transaction","id":"120011377052"}}<BR />My Local Hash Result:<BR />sha512=0B031880F04DD8D6C98F06A234032575B19393716F7FCE84C62D4901F257D29808DF520CEFCD0225FE4374697769B6A2ED336B463031EA861C73F3396357A605</P><P>x-anet-signature:<BR />sha512=8E3D41B0191A9A1E668FB729F350B73C6BBB81D676070FE7CFF001CA2543ABA91BD16A4374A0F6FA4542659728C7DAF79D7EC901FEC582FC2DA3263A2D604DCF</P><P>As you can see, the result hash is different. However, if I manually change the body from "authAmount":1.1 to "authAmount":1.10 (although this is not what the client side should do), the hash becomes:</P><P>Manually Changed Hash:<BR />sha512=8E3D41B0191A9A1E668FB729F350B73C6BBB81D676070FE7CFF001CA2543ABA91BD16A4374A0F6FA4542659728C7DAF79D7EC901FEC582FC2DA3263A2D604DCF</P><P>This hash matches the x-anet-signature header.</P><P>Could someone provide assistance in resolving this situation?</P><P>Thanks in advance.</P> Wed, 17 Jan 2024 13:52:23 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/The-verification-of-the-webhook-signature-is-contingent-on-the/m-p/88640#M55856 Mathew312 2024-01-17T13:52:23Z https://community.developer.cybersource.com/t5/Integration-and-Testing/The-verification-of-the-webhook-signature-is-contingent-on-the/m-p/88743#M55921 <P><SPAN>It seems that the signature verification issue is related to the precision of the authAmount value. Ensure consistent formatting for the authAmount field, using two decimal places, even for whole numbers (e.g., "authAmount": 1.00 instead of "authAmount": 1). This should align the hash generation and resolve the signature verification problem.</SPAN></P> Sat, 03 Feb 2024 07:01:33 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/The-verification-of-the-webhook-signature-is-contingent-on-the/m-p/88743#M55921 Shawn232 2024-02-03T07:01:33Z