Poynt Webhook Signature Verification
| # Python3 example demonstrating the Poynt webhook signature verification | |
| from base64 import b64encode | |
| import hmac | |
| import hashlib | |
| import json | |
| data = json.loads("""{ | |
| "createdAt": "2017-07-22T16:27:08Z", | |
| "updatedAt": "2017-07-22T16:27:08Z", | |
| "links": [ | |
| { | |
| "href": "https://services.poynt.net/businesses/469e957c-57a7-4d54-a72a-9e8f3296adad/transactions/b88ce811-3e43-4ae4-9d50-c32f9554ef79", | |
| "rel": "resource", | |
| "method": "GET" | |
| } | |
| ], | |
| "id": "e79ab430-f3ff-4d24-abcd-a366c74c9138", | |
| "deviceId": "urn:tid:d23eaeca-675f-3766-9c51-f6a0707e2587", | |
| "hookId": "174026fd-e185-4930-9917-44323fc98d03", | |
| "applicationId": "urn:aid:6bdee3b0-ced0-4263-ac4e-f783acc9857e", | |
| "resource": "/transactions", | |
| "resourceId": "b88ce811-3e43-4ae4-9d50-c32f9554ef79", | |
| "eventType": "TRANSACTION_REFUNDED", | |
| "businessId": "469e957c-57a7-4d54-a72a-9e8f3296adad", | |
| "storeId": "d1f94f81-6257-41ce-83a8-54bf233fc78d" | |
| }""") | |
| key = 'not-the-secret-you-know' | |
| expected_signature = 'LsLMMShBDVjuPLrejYpkAsCU4YY=' | |
| # eliminate all spacing between separators | |
| # utf-8 encode everything so we're dealing with bytes | |
| string_to_sign = json.dumps(data, separators=(',', ':')).encode('utf-8') | |
| key = key.encode('utf-8') | |
| expected_signature = expected_signature.encode('utf-8') | |
| hashed = hmac.new(key, string_to_sign, hashlib.sha1) | |
| signature = b64encode(hashed.digest()) | |
| assert signature == expected_signature |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment