Last active
June 5, 2023 09:03
-
-
Save lasley/bb1fe4f6345a3581eca22eee9b15f943 to your computer and use it in GitHub Desktop.
HelpScout WebHook Verification In Python (2 & 3)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
# -*- coding: utf-8 -*- | |
import hmac | |
from base64 import b64encode | |
from hashlib import sha1 | |
WEBHOOK_SECRET_KEY = 'your secret key' | |
def is_from_help_scout(data, signature, encoding='utf8'): | |
"""Validate the signature for the provided data. | |
Args: | |
signature (str): Signature that was provided in the | |
``X-HelpScout-Signature`` header of the request from | |
HelpScout. | |
data (str): Data that was provided in the request body from | |
HelpScout. | |
encoding (str, optional): This is the character encoding for | |
the ``data`` and ``signature`` strings. | |
Returns: | |
bool: Whether the signature is valid for the provided data. | |
""" | |
api_key = bytearray(WEBHOOK_SECRET_KEY, encoding) | |
data = bytearray(data, encoding) | |
signature = bytearray(signature, encoding) | |
hash = hmac.new(api_key, data, sha1) | |
encoded = b64encode(hash.digest()) | |
return encoded.strip() == signature.strip() | |
# Usage Example | |
signature = 'I1KlvGppYqvFTJgJ9jezdQMDiyI=' | |
data = '{"ticket":{"id":"1","number":"2"},"customer":{"id":"1","fname":"Jackie","lname":"Chan","email":"jackie.chan@somewhere.com","emails":["jackie.chan@somewhere.com"]}}' | |
print('Request validation response was', | |
is_from_help_scout(data, signature)) |
I'm trying to use this, and the test works but when I'm actually working with the data sent from helpscout it doesn't work as expected. The issue seems to be with stringifying the body data. Any help on how you properly stringified your body data from HS for this to work?
This worked for me by skipping the encoding of the body data.
I am struggling to figure that out. It is not working for me. Could somebody provide example how he pass data from request using requests library?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm trying to use this, and the test works but when I'm actually working with the data sent from helpscout it doesn't work as expected. The issue seems to be with stringifying the body data. Any help on how you properly stringified your body data from HS for this to work?