Poynt Webhook Signature Verification
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Python3 example demonstrating the Poynt webhook signature verification | |
| from base64 import b64encode | |
| import hmac | |
| import hashlib | |
| import json | |
| data = json.loads("""{ | |
| "createdAt": "2017-07-22T16:27:08Z", | |
| "updatedAt": "2017-07-22T16:27:08Z", | |
| "links": [ | |
| { | |
| "href": "https://services.poynt.net/businesses/469e957c-57a7-4d54-a72a-9e8f3296adad/transactions/b88ce811-3e43-4ae4-9d50-c32f9554ef79", | |
| "rel": "resource", | |
| "method": "GET" | |
| } | |
| ], | |
| "id": "e79ab430-f3ff-4d24-abcd-a366c74c9138", | |
| "deviceId": "urn:tid:d23eaeca-675f-3766-9c51-f6a0707e2587", | |
| "hookId": "174026fd-e185-4930-9917-44323fc98d03", | |
| "applicationId": "urn:aid:6bdee3b0-ced0-4263-ac4e-f783acc9857e", | |
| "resource": "/transactions", | |
| "resourceId": "b88ce811-3e43-4ae4-9d50-c32f9554ef79", | |
| "eventType": "TRANSACTION_REFUNDED", | |
| "businessId": "469e957c-57a7-4d54-a72a-9e8f3296adad", | |
| "storeId": "d1f94f81-6257-41ce-83a8-54bf233fc78d" | |
| }""") | |
| key = 'not-the-secret-you-know' | |
| expected_signature = 'LsLMMShBDVjuPLrejYpkAsCU4YY=' | |
| # eliminate all spacing between separators | |
| # utf-8 encode everything so we're dealing with bytes | |
| string_to_sign = json.dumps(data, separators=(',', ':')).encode('utf-8') | |
| key = key.encode('utf-8') | |
| expected_signature = expected_signature.encode('utf-8') | |
| hashed = hmac.new(key, string_to_sign, hashlib.sha1) | |
| signature = b64encode(hashed.digest()) | |
| assert signature == expected_signature |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment