cancel
Showing results for 
Search instead for 
Did you mean: 

verify webhook

Hello,


I recently began working on integrating with the new Webhook API to get transactions. This is being integrated into Nodejs. I would like to validate webhook messages using the X-ANET-Signature header, but so far have not been able to produce a matching signature . I have calculated the hash using the signature key and body of the webhook but it doesn't match the sha-512 in the webhook

nikhil
Member
3 REPLIES 3

Nik,

If the documentation https://developer.authorize.net/api/reference/features/webhooks.html#Authentication  does not amply describe how to validate webhook messages using the X-ANET-Signature header, a search on "validate webhook messages using the X-ANET-Signature" may help.

This may be better answered on stackoverlfow or stackexchange.

David

marine2026
Trusted Contributor

David,

I have implemented a solution for verifying the webhook in Nodejs. It's working when I perform a test webhook from authorize.net. But It doesnot working when i perform a actual transaction.

Working The X-Anet-Signature: header is:
sha512=0589A02CC21A890173457D919A0C15E0E7A69890802884567FDBFB97ED9CF3A46C2187DF2FEE7A9B24DD14C8DAFFDC1D41FF2E4994B8C814B5A92CC98DDB40C0


The body of the notification is:
{"notificationId":"b1a457ef-62ff-48a1-845b-0b54c4f7f990","eventType":"net.authorize.payment.authcapture.created","eventDate":"2023-10-04T09:16:16.6814876Z","webhookId":"3c03e386-15de-421d-b6fc-42c985e45904","payload":{"responseCode":21,"authCode":"572","avsResponse":"M","authAmount":12.5,"entityName":"transaction","id":"245"}},"params":{"payment_gateway":"authorizedotnet"}

This one is working  I have added not working signature below

The body of the notification is:
{"notificationId":"88798601-186d-46ed-abfd-ed562d9e1dea","eventType":"net.authorize.payment.authcapture.created","eventDate":"2023-10-04T10:04:13.7414478Z","webhookId":"3c03e386-15de-421d-b6fc-42c985e45904","payload":{"responseCode":1,"authCode":"MLZVJO","avsResponse":"Y","authAmount":50,"entityName":"transaction","id":"80005479498"}}

 X-Anet-Signature: header is:
sha512=97ABB20AF0F9CBD5942CEC90F3F2DB9A70B5CC159FE03C4FD40DBE8C26DC5C80969ABCDC68A8307BC0FE0B20EACADD924C85A922864C2215EF51E2F24D0619FE
here is my signature:

36848E762E920CFD4044F5D40B0608357567D87378C1DECB6591B5678EB41B5C4088F9EC3C9954C3F40AD08160E56EB177B1C2FDE85BD76F3F9E55FC75146D46



 

nikhil
Member

Hi @nikhil 

Auth.net create a signature with authAmount 50.00 but send in webhook in another format: 50
Try manually change and you'll get valid signature.

I posted a post of all details but no response so far

sera_nikulin
Contributor