Hello,
I recently began working on integrating with the new Webhook API to get transactions. This is being integrated into Nodejs. I would like to validate webhook messages using the X-ANET-Signature header, but so far have not been able to produce a matching signature . I have calculated the hash using the signature key and body of the webhook but it doesn't match the sha-512 in the webhook
10-03-2023 04:27 AM
Nik,
If the documentation https://developer.authorize.net/api/reference/features/webhooks.html#Authentication does not amply describe how to validate webhook messages using the X-ANET-Signature header, a search on "validate webhook messages using the X-ANET-Signature" may help.
This may be better answered on stackoverlfow or stackexchange.
David
10-03-2023 07:11 AM
David,
I have implemented a solution for verifying the webhook in Nodejs. It's working when I perform a test webhook from authorize.net. But It doesnot working when i perform a actual transaction.
Working The X-Anet-Signature: header is:
sha512=0589A02CC21A890173457D919A0C15E0E7A69890802884567FDBFB97ED9CF3A46C2187DF2FEE7A9B24DD14C8DAFFDC1D41FF2E4994B8C814B5A92CC98DDB40C0
The body of the notification is:
{"notificationId":"b1a457ef-62ff-48a1-845b-0b54c4f7f990","eventType":"net.authorize.payment.authcapture.created","eventDate":"2023-10-04T09:16:16.6814876Z","webhookId":"3c03e386-15de-421d-b6fc-42c985e45904","payload":{"responseCode":21,"authCode":"572","avsResponse":"M","authAmount":12.5,"entityName":"transaction","id":"245"}},"params":{"payment_gateway":"authorizedotnet"}
This one is working I have added not working signature below
The body of the notification is:
{"notificationId":"88798601-186d-46ed-abfd-ed562d9e1dea","eventType":"net.authorize.payment.authcapture.created","eventDate":"2023-10-04T10:04:13.7414478Z","webhookId":"3c03e386-15de-421d-b6fc-42c985e45904","payload":{"responseCode":1,"authCode":"MLZVJO","avsResponse":"Y","authAmount":50,"entityName":"transaction","id":"80005479498"}}
X-Anet-Signature: header is:
sha512=97ABB20AF0F9CBD5942CEC90F3F2DB9A70B5CC159FE03C4FD40DBE8C26DC5C80969ABCDC68A8307BC0FE0B20EACADD924C85A922864C2215EF51E2F24D0619FE
here is my signature:
10-04-2023 03:25 AM
Hi @nikhil
Auth.net create a signature with authAmount 50.00 but send in webhook in another format: 50
Try manually change and you'll get valid signature.
I posted a post of all details but no response so far
12-15-2023 03:56 AM