topic Webhook - HMAC-Sha512 Not Matching in Integration and Testing https://community.developer.cybersource.com/t5/Integration-and-Testing/Webhook-HMAC-Sha512-Not-Matching/m-p/89795#M56580 <P>I have seen that others have solved this problem, and the solutions do not work for me.&nbsp; I have struggled with this for far too long today, so I hope someone here can help me figure out what I've done wrong.</P><P>My Signature Key:&nbsp;</P><P>34AD498CD36B7D9BE390EAC08E43964E1D9F04E031F6E4356B726165A5810B2938657BB064CACAE854A294522D67768E4E4DEDB135F106E562415CECF19AB7BA</P><P>The body sent by the Webhook Test:</P><P>&nbsp;</P><LI-CODE lang="markup">{"notificationId":"b72ec390-8160-4276-8d70-ec279081809d","eventType":"net.authorize.payment.authcapture.created","eventDate":"2024-07-27T16:47:07.675394Z","webhookId":"ac14035d-c32c-4afd-831d-625f20e15e4a","payload":{"responseCode":21,"merchantReferenceId":null,"authCode":"572","avsResponse":"M","authAmount":12.5,"amount":0.0,"entityName":"transaction","id":"245","customerType":null,"name":null,"status":null,"profile":null,"fraudList":null,"paymentProfiles":null,"merchantCustomerId":null,"description":null}}</LI-CODE><P>&nbsp;</P><P>My computed hash:</P><P><SPAN>d316041849f5de7c68e33d201605999541bdc76203228aa64695ea1738e43c87618e02baafdb2d766a8905b449597743252550e1814c351b0eb8caab3971def9</SPAN></P><P><SPAN>Hash in the&nbsp;X-ANET-Signature header:</SPAN></P><DIV class="">&nbsp;</DIV><DIV class="">sha512=EE2DE7400A19D4D408051700373D7BC86BC5C5B127CF87F3B9D1506421415C2568145B8ADC347146EE9C1A0B597D7D9C193E3833CD5E52DE9B2116DE9D22E526</DIV><DIV class="">&nbsp;</DIV><DIV class="">My code (copied the ComputeHmacSha512 method from sample code found on this forum):</DIV><DIV class="">&nbsp;</DIV><P>&nbsp;</P><LI-CODE lang="csharp"> private bool IsEventValid(AuthNotifyEventBody authNotifyEventBody, string Header) { var key = Environment.GetEnvironmentVariable(AUTHNET_SECRET); if (string.IsNullOrEmpty(key)) { Log.Error(string.Format("Billing.Notification: Missing Environment Variable: {0}", AUTHNET_SECRET)); return false; } var body = JsonConvert.SerializeObject(authNotifyEventBody); var hash = ComputeHmacSha512(key, body); var isValid = hash.Equals(Header, StringComparison.OrdinalIgnoreCase); if (!isValid) { Log.Error(string.Format("Billing.Notification: Key\n\n{0}", key)); Log.Error(string.Format("Billing.Notification: Body\n\n{0}", body)); Log.Error(string.Format("Billing.Notification: Signature\n\n{0}", Header)); Log.Error(string.Format("Billing.Notification: Hash\n\n{0}", hash)); } return isValid; } private string ComputeHmacSha512(string key, string data) { byte[] _key = Encoding.ASCII.GetBytes(key); using (var myhmacsha1 = new HMACSHA1(_key)) { var hashArray = new HMACSHA512(_key).ComputeHash(Encoding.ASCII.GetBytes(data)); return hashArray.Aggregate("", (s, e) =&gt; s + String.Format("{0:x2}", e), s =&gt; s); } }</LI-CODE><P>&nbsp;</P><P>I have used my key and the body sent in the request to generate a hash at&nbsp;<A href="https://www.freeformatter.com/hmac-generator.html," target="_blank" rel="noopener">https://www.freeformatter.com/hmac-generator.html,</A>&nbsp;and it matches my hash.</P><P>I cannot see what I have done incorrectly, and every time I execute a test from the merchant webhooks page, the hash coming through in the request does not match my computed has.</P><P>Thanks for any assistance!</P><DIV class="">&nbsp;</DIV><DIV class="">&nbsp;</DIV> Sat, 27 Jul 2024 17:17:57 GMT hhunt 2024-07-27T17:17:57Z Webhook - HMAC-Sha512 Not Matching https://community.developer.cybersource.com/t5/Integration-and-Testing/Webhook-HMAC-Sha512-Not-Matching/m-p/89795#M56580 <P>I have seen that others have solved this problem, and the solutions do not work for me.&nbsp; I have struggled with this for far too long today, so I hope someone here can help me figure out what I've done wrong.</P><P>My Signature Key:&nbsp;</P><P>34AD498CD36B7D9BE390EAC08E43964E1D9F04E031F6E4356B726165A5810B2938657BB064CACAE854A294522D67768E4E4DEDB135F106E562415CECF19AB7BA</P><P>The body sent by the Webhook Test:</P><P>&nbsp;</P><LI-CODE lang="markup">{"notificationId":"b72ec390-8160-4276-8d70-ec279081809d","eventType":"net.authorize.payment.authcapture.created","eventDate":"2024-07-27T16:47:07.675394Z","webhookId":"ac14035d-c32c-4afd-831d-625f20e15e4a","payload":{"responseCode":21,"merchantReferenceId":null,"authCode":"572","avsResponse":"M","authAmount":12.5,"amount":0.0,"entityName":"transaction","id":"245","customerType":null,"name":null,"status":null,"profile":null,"fraudList":null,"paymentProfiles":null,"merchantCustomerId":null,"description":null}}</LI-CODE><P>&nbsp;</P><P>My computed hash:</P><P><SPAN>d316041849f5de7c68e33d201605999541bdc76203228aa64695ea1738e43c87618e02baafdb2d766a8905b449597743252550e1814c351b0eb8caab3971def9</SPAN></P><P><SPAN>Hash in the&nbsp;X-ANET-Signature header:</SPAN></P><DIV class="">&nbsp;</DIV><DIV class="">sha512=EE2DE7400A19D4D408051700373D7BC86BC5C5B127CF87F3B9D1506421415C2568145B8ADC347146EE9C1A0B597D7D9C193E3833CD5E52DE9B2116DE9D22E526</DIV><DIV class="">&nbsp;</DIV><DIV class="">My code (copied the ComputeHmacSha512 method from sample code found on this forum):</DIV><DIV class="">&nbsp;</DIV><P>&nbsp;</P><LI-CODE lang="csharp"> private bool IsEventValid(AuthNotifyEventBody authNotifyEventBody, string Header) { var key = Environment.GetEnvironmentVariable(AUTHNET_SECRET); if (string.IsNullOrEmpty(key)) { Log.Error(string.Format("Billing.Notification: Missing Environment Variable: {0}", AUTHNET_SECRET)); return false; } var body = JsonConvert.SerializeObject(authNotifyEventBody); var hash = ComputeHmacSha512(key, body); var isValid = hash.Equals(Header, StringComparison.OrdinalIgnoreCase); if (!isValid) { Log.Error(string.Format("Billing.Notification: Key\n\n{0}", key)); Log.Error(string.Format("Billing.Notification: Body\n\n{0}", body)); Log.Error(string.Format("Billing.Notification: Signature\n\n{0}", Header)); Log.Error(string.Format("Billing.Notification: Hash\n\n{0}", hash)); } return isValid; } private string ComputeHmacSha512(string key, string data) { byte[] _key = Encoding.ASCII.GetBytes(key); using (var myhmacsha1 = new HMACSHA1(_key)) { var hashArray = new HMACSHA512(_key).ComputeHash(Encoding.ASCII.GetBytes(data)); return hashArray.Aggregate("", (s, e) =&gt; s + String.Format("{0:x2}", e), s =&gt; s); } }</LI-CODE><P>&nbsp;</P><P>I have used my key and the body sent in the request to generate a hash at&nbsp;<A href="https://www.freeformatter.com/hmac-generator.html," target="_blank" rel="noopener">https://www.freeformatter.com/hmac-generator.html,</A>&nbsp;and it matches my hash.</P><P>I cannot see what I have done incorrectly, and every time I execute a test from the merchant webhooks page, the hash coming through in the request does not match my computed has.</P><P>Thanks for any assistance!</P><DIV class="">&nbsp;</DIV><DIV class="">&nbsp;</DIV> Sat, 27 Jul 2024 17:17:57 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/Webhook-HMAC-Sha512-Not-Matching/m-p/89795#M56580 hhunt 2024-07-27T17:17:57Z