Need help in WEBHOOK Javascript/Nodejs integration

Hi,

I am integration the ETN instant-payment in nodejs. There are one issue i am facing, i couldn’t match the SIGNATURE hash with mine. Using library ‘js-sha256’, i’m doing sha256.hmac(‘secret_key’, ‘payload’), it wasn’t the same result as the SIGNATURE hash send to me.

However, i tried the webhook in the vendor setting, it works totally fine… Anyone has the same issue? or someone can help me?

THANK YOU!

Care to share some more of your code? Just paste it here and I’ll have a look through it.

I had a similar problem, but with the payment poll. Turns out I was concatenating the vendor address before the payment ID, instead of the other way round, when setting up the payload. This ended up evaluating to an incorrect hash. However, I don’t think this is the issue with yours as you only need to check the payload already sent to you.

1 Like

Another problem might be case sensitivity, as pointed out in item 1 of this thread (but using the payment poll again). Perhaps check that the case of your hash match the one sent to you.

1 Like

Hi benjaminoo! Thank you for your reply! Below are part of my code. Hope you are able to understand it.
I am using the poll method now, but i find it not very efficient to call the poll every 1 sec tho…

let sha256 = require(‘js-sha256’).sha256;

//the signature header from webhook
const signature = req.get(‘ETN-SIGNATURE’)
//As the response json come in a different way. The keys are the value of the payload.
let payloadObj = Object.keys(req.body);
let payload = payloadObj[0];

let hash = sha256.hmac(api_secret, payload);
if(signature !== hash){
//response with 401 code
}

Its totally different from the one sent to me…

Don’t really know Node JS, so take everything I’m saying with a grain of salt… :grinning:

Does your payload variable contain the correct value before being passed into sha256? If it’s true that the value of the payload is in the key, as you said in the comment, you might want to try something like this thread suggests?

Yes, it contain the correct value. I even tried to build into the object similar to the WebHook test example in the vendor setting and its does not work too.

Thanks for the thread! It still the same result…not the same hash.

While I don’t know nodejs so well, this looks like you’re hashing the string payload against the secret string secret_key (as both parameters are encased in quotes).

If these are variables, you’ll want to remove the quotes to use sha256.hmac(secret_key, payload).

Hope this helps or leads others on to helping you resolve your issue.

Egg

Hi Egg,

yes the secret_key and payload are the variables, its not in quotes. It’s a example only. Sorry for the confusion.

Have you output (console.log?) api_secret, signature, payload and hash to ensure they (appear to) have the correct values?

I can only suggest you debug and output as much as possible to get through it. Good luck.

Egg

Yes i did all these debugging too.

Alright, thank you so much!

I am just getting started with node.js myself thanks for the code examples. Will keep you updated if I get something right.

Hi!! Great! Let me know if you need help in node js. =D