Cybersource Developer Community Cybersource Developer Community

Jmont261 · ‎03-31-2022

Hi all,

I'm trying to verify the webhook when I receive the notification in a lambda function in python. This is currently how I'm doing it, but it doesn't match the X-ANET-SIGNATURE, wondering if anyone can help me out here. Thanks!

SIGNATURE_KEY= os.environ.get("key")

def lambda_handler(event, context):
    body = json.loads(event["body"])
    verify_webook(body, event["headers"]["X-ANET-Signature"])

def verify_webook(body, hmac_header, secret=SIGNATURE_KEY):
    body = json.dumps(body)
    digest = hmac.new(
    secret.encode("utf-8"), body.encode("utf-8"), hashlib.sha512
    ).hexdigest()
    return hmac_header == f"sha512={digest.upper()}"

Jmont261 · ‎04-06-2022

This code actually works and I hope it's helpful for anyone using python and verifying the webhook notification since I didn't see any examples in the documentation. The issue was that in my env variable I accidentally had whitespace which was messing with it being encoded properly. So, if you're running into the same issue, make sure the signature key is correct and you're encoding the signature key and body from the webhook event properly.

View solution in original post

Jmont261 · ‎04-06-2022

This code actually works and I hope it's helpful for anyone using python and verifying the webhook notification since I didn't see any examples in the documentation. The issue was that in my env variable I accidentally had whitespace which was messing with it being encoded properly. So, if you're running into the same issue, make sure the signature key is correct and you're encoding the signature key and body from the webhook event properly.

Cybersource Developer Community Cybersource Developer Community

Verify webhook in python