Upon receiving the webhook POST request we hash the request body using HMAC-SHA512 and our signature key (to binary) and then compare the result with the X-ANET header hash sent.
Sometimes it matches, sometimes it does not. This only happens with production credentials, not sandbox.
What could be causing this?
Thanks
04-25-2018 06:58 AM
Hi. I cannot explain the behavior you are seeing, but am on the Authorize.net Webhooks development team, and will talk to my colleagues about this.
A couple of questions to get context on your situation:
Are you able to say how often the hash matches, and how often it does not? (rough percentages)
Are you now just starting to use webhooks in production (and observing the hash match failure) or have you previously been using webhooks without observing this problem?
Thanks, I will update you as soon as I can.
BobQ
04-25-2018 06:06 PM
Hi! Thanks for taking the time to answer.
We found the issue and it's silly simple.
Auth.net hashes the payload amounts with decimal zeroes, e.g. 0.30.
Our API is written in NodeJS and the default body parser we had in place was parsing the request body to JSON and removing decimal zeroes, which do not exist in JS, and that was what we were hashing, which was causing the mismatch. So payloads with amounts like 1.00, 1.10 were not being hashed correctly on our end.
So, the fix for this was setting the body parser to take the body as a string which preserves the amount as we need it.
Thanks BobQ, hope this helps other developers facing the same problem.
04-30-2018 10:24 AM