Validating (Typeform) payload with signature

System Information
  • 4.11.5:

Hello,

I want to validate a given Typeform payload given a signature from Typeform and my secret. According to the Typeform docs (https://www.typeform.com/developers/webhooks/secure-your-webhooks/) I have to use the ‘entire received payload as binary’.

I’m trying to access the raw payload by setting ‘includeUnparsed: true’ in the ‘strapi::body’ middlewares.js configuation.

But the generated signature doesn’t match the given signature from Typeform. Is there another way to access the raw body for the signature generation?

This is how I access the raw body:

const sym = Object.getOwnPropertySymbols(ctx.request.body).find(
    (s) => s.description === 'unparsedBody'
);
const payload = sym ? ctx.request.body[sym] : undefined;

And here’s how I generate the signature:

verifySignature: async (receivedSignature, payload) => {
    const hash = crypto
        .createHmac('sha256', typeformSecret)
        .update(payload)
        .digest('base64');

    return receivedSignature === `sha256=${hash}`;
}

Does anyone have an idea what could be wrong here?

Thanks!

Ah, nevermind. The created hash matched the given one. The request failed because of another unrelated issue.