I am integration the ETN instant-payment in nodejs. There are one issue i am facing, i couldn’t match the SIGNATURE hash with mine. Using library ‘js-sha256’, i’m doing sha256.hmac(‘secret_key’, ‘payload’), it wasn’t the same result as the SIGNATURE hash send to me.
However, i tried the webhook in the vendor setting, it works totally fine… Anyone has the same issue? or someone can help me?
Care to share some more of your code? Just paste it here and I’ll have a look through it.
I had a similar problem, but with the payment poll. Turns out I was concatenating the vendor address before the payment ID, instead of the other way round, when setting up the payload. This ended up evaluating to an incorrect hash. However, I don’t think this is the issue with yours as you only need to check the payload already sent to you.
Another problem might be case sensitivity, as pointed out in item 1 of this thread (but using the payment poll again). Perhaps check that the case of your hash match the one sent to you.
Hi benjaminoo! Thank you for your reply! Below are part of my code. Hope you are able to understand it.
I am using the poll method now, but i find it not very efficient to call the poll every 1 sec tho…
let sha256 = require(‘js-sha256’).sha256;
//the signature header from webhook
const signature = req.get(‘ETN-SIGNATURE’)
//As the response json come in a different way. The keys are the value of the payload.
let payloadObj = Object.keys(req.body);
let payload = payloadObj[0];
let hash = sha256.hmac(api_secret, payload);
if(signature !== hash){
//response with 401 code
}
Don’t really know Node JS, so take everything I’m saying with a grain of salt…
Does your payload variable contain the correct value before being passed into sha256? If it’s true that the value of the payload is in the key, as you said in the comment, you might want to try something like this thread suggests?
Yes, it contain the correct value. I even tried to build into the object similar to the WebHook test example in the vendor setting and its does not work too.
Thanks for the thread! It still the same result…not the same hash.
While I don’t know nodejs so well, this looks like you’re hashing the string payload against the secret string secret_key (as both parameters are encased in quotes).
If these are variables, you’ll want to remove the quotes to use sha256.hmac(secret_key, payload).
Hope this helps or leads others on to helping you resolve your issue.