System Information
- 4.11.5:
Hello,
I want to validate a given Typeform payload given a signature from Typeform and my secret. According to the Typeform docs (https://www.typeform.com/developers/webhooks/secure-your-webhooks/) I have to use the ‘entire received payload as binary’.
I’m trying to access the raw payload by setting ‘includeUnparsed: true’ in the ‘strapi::body’ middlewares.js configuation.
But the generated signature doesn’t match the given signature from Typeform. Is there another way to access the raw body for the signature generation?
This is how I access the raw body:
const sym = Object.getOwnPropertySymbols(ctx.request.body).find(
(s) => s.description === 'unparsedBody'
);
const payload = sym ? ctx.request.body[sym] : undefined;
And here’s how I generate the signature:
verifySignature: async (receivedSignature, payload) => {
const hash = crypto
.createHmac('sha256', typeformSecret)
.update(payload)
.digest('base64');
return receivedSignature === `sha256=${hash}`;
}
Does anyone have an idea what could be wrong here?
Thanks!