cancel
Showing results for 
Search instead for 
Did you mean: 

Wehbook post request header hash not always matching

Upon receiving the webhook post request we hash the request body using HMAC-SHA12 and our signature key (to binary) and then compare the result with the X-ANET header hash sent.

 

Sometimes it matches, sometimes it does not. This only happens with production credentials, not sandbox.  

 

What could be causing this?

 

Thanks

2 ACCEPTED SOLUTIONS

Accepted Solutions

Hi. I cannot explain the behavior you are seeing, but am on the Authorize.net Webhooks development team, and will talk to my colleagues about this.

 

A couple of questions to get context on your situation:

 

Are you able to say how often the hash matches, and how often it does not? (rough percentages)

Are you now just starting to use webhooks in production (and observing the hash match failure) or have you previously been using webhooks without observing this problem?

 

Thanks, I will update you as soon as I can.

 

BobQ

View solution in original post

bobq
Authorize.Net Developer Authorize.Net Developer
Authorize.Net Developer

Hi! thanks for taking the time to answer.

 

We found the issue and it's silly simple.

 

Auth.net hashes the payload amounts with decimal zeroes, e.x: 0.30.

 

Our api is written in NodeJS and the default body parser we had in place was parsing the request body to a JSON and removing decimal zeroes, which don't not exist in js, and that was what we were hashing which was causing the mismatch. So payloads with amounts like 1.00, 1.10 were not being hashed correctly on our end.

 

So, the fix for this was setting the body parser to take the body as a string which preserves the amount as we need it.

 

Thanks BobQ, hope this helps other developers facing the same problem.

View solution in original post

3 REPLIES 3

Hi. I cannot explain the behavior you are seeing, but am on the Authorize.net Webhooks development team, and will talk to my colleagues about this.

 

A couple of questions to get context on your situation:

 

Are you able to say how often the hash matches, and how often it does not? (rough percentages)

Are you now just starting to use webhooks in production (and observing the hash match failure) or have you previously been using webhooks without observing this problem?

 

Thanks, I will update you as soon as I can.

 

BobQ

bobq
Authorize.Net Developer Authorize.Net Developer
Authorize.Net Developer

Hi! thanks for taking the time to answer.

 

We found the issue and it's silly simple.

 

Auth.net hashes the payload amounts with decimal zeroes, e.x: 0.30.

 

Our api is written in NodeJS and the default body parser we had in place was parsing the request body to a JSON and removing decimal zeroes, which don't not exist in js, and that was what we were hashing which was causing the mismatch. So payloads with amounts like 1.00, 1.10 were not being hashed correctly on our end.

 

So, the fix for this was setting the body parser to take the body as a string which preserves the amount as we need it.

 

Thanks BobQ, hope this helps other developers facing the same problem.

Could you offer us with a sample request you are sending to the gateway with any sensitive records of Ho Tactics eliminated and any reaction/log?

hsdse33
Member