Cybersource Developer Community Cybersource Developer Community

ashish1871 · ‎07-24-2018

The documentation here https://developer.authorize.net/api/reference/features/webhooks.html#Verifying_the_Notification talks about the verification process for WebHook response. Is there and example available on how to implement this in Java?

Anurag · ‎07-24-2018

Hi @ashish1871

You can have a look at this repo https://github.com/dns12345/AuthNet.WebHooks

We are also in progress of building a sample app for Webhooks which will be published soon .

Thanks

Send feedback at developer_feedback@authorize.net

View solution in original post

Anurag · ‎07-24-2018

Hi @ashish1871

You can have a look at this repo https://github.com/dns12345/AuthNet.WebHooks

We are also in progress of building a sample app for Webhooks which will be published soon .

Thanks

Send feedback at developer_feedback@authorize.net

coppercup · ‎08-23-2018

This link no longer works.

Anurag · ‎08-23-2018

Try this link

https://github.com/dns12345/AuthNet.WebHooks/tree/master/AuthNet.WebHooks

Also checkout our new Webhook Sample App at https://github.com/AuthorizeNet/webhooks-sample-app

Thanks

Send feedback at developer_feedback@authorize.net

attb2 · ‎05-30-2019

I had the exact same problem:

How to verify X-Anet-Signature?

So I have to use raw json encoded string as received on my endpoint. Without any modification, concatenation of name-value pairs with specials characters etc.

It is very simple! Why not mentioned in the official documentation?

It only says:

"The client application can generate the same HMAC-SHA512 hash using the webhook notification's body and the merchant's Signature Key."

And poor developer does not understand what "body" means... :-)

chaitalisedin18 · ‎12-16-2020

I have followed the documentation for verifying the notification as well as Ruby code for it: https://github.com/AuthorizeNet/sample-code-ruby/blob/master/Sha512/compute-transhash-sha512.rb

Still, the signature generated by me and the X-ANET-Signature is not matching.

Can you please guide me with Ruby code to generate the HMAC-SHA512 hash?

nan40411 · ‎05-25-2023

Hi,

I write down a nodejs code and it doesn't work all the time. Sometimes it matches and sometimes it doesn't match. What could be the reason?

const crypto = require('crypto');

app.post("/authorize/payment/created", (req, res)=> {

const hash = crypto.createHmac('sha512', signature_key)

.update(JSON.stringify(req.body))

.digest('hex')

.toUpperCase();

if ("sha512="+hash != req.headers["x-anet-signature"]) {

console.log({

result: false,

header: req.headers["x-anet-signature"],

hash

})

// do something

return;

}

// do something

});

scottiescott · ‎12-19-2023

You guys really need to update your API documentation, something so ridiculously simple once again made difficult due to lack of documentation.

scottiescott · ‎12-19-2023

its not "x-anet-signature" its case sensitive so it should be

X-ANET-Signature

JeffGTech · ‎01-10-2024

If you're using Java, get HmacUtils from commons-codec. Then you just pass your sig key like so and can compare with hmacHex on the body. It will return the hash as a string then you just compare them.

HmacUtils h = new HmacUtils(HMAC_SHA_512, "<SIG_KEY>");
h.hmacHex("<REQUEST_BODY>");

Cybersource Developer Community Cybersource Developer Community

Verify WebHook Notifications example