Discussions

I'm attempting to verify the signature in the webhook header. I can verify the signatures for "transactionDetected" events and a few "statusChanged" events. However, the signature does not match for any of the subsequent webhook requests that I've received.

I have created the signature like this,

		
    secret_key = BVNK_MERCHANT_SECRET
    content_type = 'application/json'  

    # REMOVE WHITE SPACE FROM PAYLOAD
    payload = json.dumps(request.data, separators=(",", ":"))  
   
    # GET WEBHOOK PATH
    path = "/webhook/path/"

    # CONCATENATE DATA THAT NEEDS TO BE HASHED
    data_to_hash = f"{path}{content_type}{payload}"

    # CREATE HMAC SIGNATURE
    hmac_sha256 = hmac.new(secret_key.encode('utf-8'), data_to_hash.encode('utf-8'), hashlib.sha256)
    hmac_signature = hmac_sha256.digest().hex()