Validating (Typeform) payload with signature

System Information
  • 4.11.5:


I want to validate a given Typeform payload given a signature from Typeform and my secret. According to the Typeform docs ( I have to use the ‘entire received payload as binary’.

I’m trying to access the raw payload by setting ‘includeUnparsed: true’ in the ‘strapi::body’ middlewares.js configuation.

But the generated signature doesn’t match the given signature from Typeform. Is there another way to access the raw body for the signature generation?

This is how I access the raw body:

const sym = Object.getOwnPropertySymbols(ctx.request.body).find(
    (s) => s.description === 'unparsedBody'
const payload = sym ? ctx.request.body[sym] : undefined;

And here’s how I generate the signature:

verifySignature: async (receivedSignature, payload) => {
    const hash = crypto
        .createHmac('sha256', typeformSecret)

    return receivedSignature === `sha256=${hash}`;

Does anyone have an idea what could be wrong here?


Ah, nevermind. The created hash matched the given one. The request failed because of another unrelated issue.