Hi @aswinvb Thanks for stopping by the community! Happy Monday. Do you mind sharing the code and setup you’re using? That’ll help me see better what’s happening. Thanks!
Hi @Liz, I created the secret token using ruby -rsecurerandom -e 'puts SecureRandom.hex(20)' and added it in the webhook configuration.
Following is the code that I added in our server:
    require 'openssl'
    require 'base64'

    def authenticate_typeform
      # Read the raw request body; the HMAC must cover these exact bytes.
      request.body.rewind
      payload_body = request.body.read
      verify_signature(request.env['HTTP_TYPEFORM_SIGNATURE'], payload_body)
    end

    def verify_signature(received_signature, payload_body)
      hash = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), GlobalConstant.typeform.secret, payload_body)
      actual_signature = 'sha256=' + Base64.strict_encode64(hash)
      # to_s: a missing header is rejected instead of raising on nil.
      render json: { message: 'Authentication Error' }, status: :bad_request and
        return unless Rack::Utils.secure_compare(actual_signature, received_signature.to_s)
    end
Thanks!
Hi @aswinvb Since I’m not super familiar with Ruby, I’ve reached out to my colleagues to ask for some help! I’ll paste their responses here once I hear back. :)
Thanks for the response @Liz
Hello there,
This is Nordin from Tech support. Nice to be back for a bit in our lovely community.
I’m not a Ruby specialist and maybe you have a problem in your code, but before you go mad with that let me tell you that 95% of the webhook security encryption issues that are escalated to us are caused by testing with the wrong payload.
In order for the script to work properly, regardless of the language you are using, you need to make sure you pass a real request->body to the algo instead of copying and pasting it from anywhere and storing it in a variable.
That won’t work, believe me. When I joined Typeform I spent about 3 days modifying my 12 line script until I found out it was because I was using the wrong payload. You can use something like Ngrok or Serveo to send it to your dev environment, and I believe in most of the cases that will sort it out.
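The failure mode described above, as an added example that is not part of the original posts or Typeform's own code: the signature covers the exact request bytes, so a body that was pretty-printed, parsed and re-serialized, or pasted with an extra newline no longer verifies. The secret, payload and helper names are constructed for illustration, and `secure_compare` is a local stand-in for `Rack::Utils.secure_compare`.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Constructed sample values; a real secret comes from the webhook configuration.
SECRET = 'constructed-example-secret'
# Raw bytes as a sender might put them on the wire (constructed). Single quotes
# keep the \u00e9 escape as six literal characters, as it would appear in transit.
RAW_BODY = '{"event_id":"constructed-01","form_response":{"answers":[{"text":"h\u00e9llo"}]}}'

# Same scheme as verify_signature in the thread: HMAC-SHA256 over the body,
# Base64-encoded, prefixed with "sha256=".
def sign(secret, body)
  'sha256=' + Base64.strict_encode64(OpenSSL::HMAC.digest('sha256', secret, body))
end

# Constant-time comparison, so the example needs no gems.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# A missing header (nil) is treated as an empty string and rejected.
def valid_signature?(secret, body, header)
  secure_compare(sign(secret, body), header.to_s)
end

# Header value as the sender would compute it over the exact bytes it sends.
HEADER = sign(SECRET, RAW_BODY)

# Ways a payload gets altered before it reaches the HMAC when testing by hand.
def body_variants(raw)
  {
    raw_bytes:        raw,
    pretty_printed:   JSON.pretty_generate(JSON.parse(raw)),
    reserialized:     JSON.generate(JSON.parse(raw)), # \u00e9 becomes a literal character
    trailing_newline: raw + "\n"
  }
end

def check_all
  body_variants(RAW_BODY).transform_values { |b| valid_signature?(SECRET, b, HEADER) }
end

check_all.each { |name, ok| puts format('%-17s %s', name, ok ? 'valid' : 'REJECTED') }
```

Only the untouched raw bytes verify; every altered variant is rejected even though it parses to the same JSON.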
Thanks @Nordin, the issue was what you said. When I tried directly by giving the endpoint in Typeform it is working.
Thank you so much!
Yay! Glad that worked, @aswinvb. Thanks @Nordin for the help!