cancel
Showing results for 
Search instead for 
Did you mean: 

How to verify webhook notification in nodejs

Hello,

I found this post https://community.developer.cybersource.com/t5/Integration-and-Testing/Verify-WebHook-Notifications-... I replied there but it marked "Solved" and no one continue to reply it, so I would like to ask here. I am sorry if it is inconvenient because of my action. I try to verify the notifications but my code just doesn't work. Here is the code 

const crypto = require('crypto');
app.post("/authorize/payment/created"(reqres)=> {    
    const hash = crypto.createHmac('sha512'signature_key)
                   .update(JSON.stringify(req.body))
                   .digest('hex')
                   .toUpperCase();
    if ("sha512="+hash != req.headers["x-anet-signature"]) {
        console.log({
            result: false,
            header: req.headers["x-anet-signature"],
            hash
        })
        // do something
        return;
    }
   // do something
});

Please give me a guidance

nan40411
Member
2 REPLIES 2

Hello,

Thank you very much for the reply. So in a way, the code I posted was correct? We generated new signature key so the key should be correct. I logged all the payload and sometimes it matches and sometimes it doesn't

nan40411
Member

Hey @nan40411 

If it randomly matches and sometimes it doesn't - then probably you faced with the same issues as I.
Auth.net create a signature with authAmount #.## format (2 digits after period) but send in webhook in another format (for example 2 or 2.1) Try change manually authAmount to 2.00 or 2.10 - then you'll have valid signature.

sera_nikulin
Contributor