developer.authorize.net developer.cybersource.com
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a question

Webhook - HMAC-Sha512 Not Matching

I have seen that others have solved this problem, and the solutions do not work for me.  I have struggled with this for far too long today, so I hope someone here can help me figure out what I've done wrong.

My Signature Key: 

34AD498CD36B7D9BE390EAC08E43964E1D9F04E031F6E4356B726165A5810B2938657BB064CACAE854A294522D67768E4E4DEDB135F106E562415CECF19AB7BA

The body sent by the Webhook Test:

 

{"notificationId":"b72ec390-8160-4276-8d70-ec279081809d","eventType":"net.authorize.payment.authcapture.created","eventDate":"2024-07-27T16:47:07.675394Z","webhookId":"ac14035d-c32c-4afd-831d-625f20e15e4a","payload":{"responseCode":21,"merchantReferenceId":null,"authCode":"572","avsResponse":"M","authAmount":12.5,"amount":0.0,"entityName":"transaction","id":"245","customerType":null,"name":null,"status":null,"profile":null,"fraudList":null,"paymentProfiles":null,"merchantCustomerId":null,"description":null}}

 

My computed hash:

d316041849f5de7c68e33d201605999541bdc76203228aa64695ea1738e43c87618e02baafdb2d766a8905b449597743252550e1814c351b0eb8caab3971def9

Hash in the X-ANET-Signature header:

 
sha512=EE2DE7400A19D4D408051700373D7BC86BC5C5B127CF87F3B9D1506421415C2568145B8ADC347146EE9C1A0B597D7D9C193E3833CD5E52DE9B2116DE9D22E526
 
My code (copied the ComputeHmacSha512 method from sample code found on this forum):
 

 

        private bool IsEventValid(AuthNotifyEventBody authNotifyEventBody, string Header)
        {
            var key = Environment.GetEnvironmentVariable(AUTHNET_SECRET);
            if (string.IsNullOrEmpty(key))
            {
                Log.Error(string.Format("Billing.Notification: Missing Environment Variable: {0}", AUTHNET_SECRET));
                return false;
            }
            var body = JsonConvert.SerializeObject(authNotifyEventBody);
            var hash = ComputeHmacSha512(key, body);
            var isValid = hash.Equals(Header, StringComparison.OrdinalIgnoreCase);
            if (!isValid)
            {
                Log.Error(string.Format("Billing.Notification: Key\n\n{0}", key));
                Log.Error(string.Format("Billing.Notification: Body\n\n{0}", body));
                Log.Error(string.Format("Billing.Notification: Signature\n\n{0}", Header));
                Log.Error(string.Format("Billing.Notification: Hash\n\n{0}", hash));
            }
            return isValid;
        }

        private string ComputeHmacSha512(string key, string data)
        {
            byte[] _key = Encoding.ASCII.GetBytes(key);
            using (var myhmacsha1 = new HMACSHA1(_key))
            {
                var hashArray = new HMACSHA512(_key).ComputeHash(Encoding.ASCII.GetBytes(data));

                return hashArray.Aggregate("", (s, e) => s + String.Format("{0:x2}", e), s => s);
            }
        }

 

I have used my key and the body sent in the request to generate a hash at https://www.freeformatter.com/hmac-generator.html, and it matches my hash.

I cannot see what I have done incorrectly, and every time I execute a test from the merchant webhooks page, the hash coming through in the request does not match my computed has.

Thanks for any assistance!

 
 
hhunt
Member

‎07-27-2024 10:17 AM

0 Kudos
0 REPLIES 0
Copyright © 2024 Khoros, LLC