Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Poynt Webhook Signature Verification
# Python3 example demonstrating the Poynt webhook signature verification
from base64 import b64encode
import hmac
import hashlib
import json
data = json.loads("""{
"createdAt": "2017-07-22T16:27:08Z",
"updatedAt": "2017-07-22T16:27:08Z",
"links": [
"href": "",
"rel": "resource",
"method": "GET"
"id": "e79ab430-f3ff-4d24-abcd-a366c74c9138",
"deviceId": "urn:tid:d23eaeca-675f-3766-9c51-f6a0707e2587",
"hookId": "174026fd-e185-4930-9917-44323fc98d03",
"applicationId": "urn:aid:6bdee3b0-ced0-4263-ac4e-f783acc9857e",
"resource": "/transactions",
"resourceId": "b88ce811-3e43-4ae4-9d50-c32f9554ef79",
"businessId": "469e957c-57a7-4d54-a72a-9e8f3296adad",
"storeId": "d1f94f81-6257-41ce-83a8-54bf233fc78d"
key = 'not-the-secret-you-know'
expected_signature = 'LsLMMShBDVjuPLrejYpkAsCU4YY='
# eliminate all spacing between separators
# utf-8 encode everything so we're dealing with bytes
string_to_sign = json.dumps(data, separators=(',', ':')).encode('utf-8')
key = key.encode('utf-8')
expected_signature = expected_signature.encode('utf-8')
hashed =, string_to_sign, hashlib.sha1)
signature = b64encode(hashed.digest())
assert signature == expected_signature
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment