- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I've come across an unusual scenario where the validity of a signature is contingent on the amount provided. In summary, if the authAmount in the returned webhook body is in the format #.## (e.g., 1.01 or 2.01), the signature verification is successful. However, if authAmount is in the format *.# or * (e.g., 1.1 or 2), the signature verification fails.
Here's an example of a webhook with an amount of 1.1:
Sandbox Environment (Live Mode)
My Signature Key:
A6214F6105625D5ED957CF02E749BB440DBD4E418533D219CAD26AECD104BFFE7F47DBBE5C81927CCA484AE7722BE82CE57FB5318EDE02122277A2FE90EE68EB
Webhook Notification Body:
json
Copy code
{"notificationId":"570f7282-687a-42b7-903b-48e487d7694d","eventType":"net.authorize.payment.authcapture.created","eventDate":"2023-12-12T12:45:09.3492643Z","webhookId":"a585ea29-a370-495a-bd83-f9be7160f260","payload":{"responseCode":1,"avsResponse":"P","authAmount":1.1,"merchantReferenceId":"2M4zHFzshYBudvgIZ11B","entityName":"transaction","id":"120011377052"}}
My Local Hash Result:
sha512=0B031880F04DD8D6C98F06A234032575B19393716F7FCE84C62D4901F257D29808DF520CEFCD0225FE4374697769B6A2ED336B463031EA861C73F3396357A605
x-anet-signature:
sha512=8E3D41B0191A9A1E668FB729F350B73C6BBB81D676070FE7CFF001CA2543ABA91BD16A4374A0F6FA4542659728C7DAF79D7EC901FEC582FC2DA3263A2D604DCF
As you can see, the result hash is different. However, if I manually change the body from "authAmount":1.1 to "authAmount":1.10 (although this is not what the client side should do), the hash becomes:
Manually Changed Hash:
sha512=8E3D41B0191A9A1E668FB729F350B73C6BBB81D676070FE7CFF001CA2543ABA91BD16A4374A0F6FA4542659728C7DAF79D7EC901FEC582FC2DA3263A2D604DCF
This hash matches the x-anet-signature header.
Could someone provide assistance in resolving this situation?
Thanks in advance.
Solved! Go to Solution.
โ01-17-2024 05:52 AM
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It seems that the signature verification issue is related to the precision of the authAmount value. Ensure consistent formatting for the authAmount field, using two decimal places, even for whole numbers (e.g., "authAmount": 1.00 instead of "authAmount": 1). This should align the hash generation and resolve the signature verification problem.
โ02-02-2024 11:01 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It seems that the signature verification issue is related to the precision of the authAmount value. Ensure consistent formatting for the authAmount field, using two decimal places, even for whole numbers (e.g., "authAmount": 1.00 instead of "authAmount": 1). This should align the hash generation and resolve the signature verification problem.
โ02-02-2024 11:01 PM