Webhook signature validation in python

I’m not able to validate the webhook signature in python. Every time I compute HMAC hash for request content by using SHA256, the result does not match with signature passed by Orchestrator from webhook.

Below is the code:
import hmac, json, locale
import hashlib
import base64
digest = hmac.new(b"[Key set in orchestrator webhook]", str(event.body).encode(‘utf-8’), hashlib.sha256).digest()
string_signature = base64.b64encode(digest)
print(string_signature)
print(hmac.compare_digest(string_signature, event.signature))

Note: Webhook listener is implemented in AWS with the help of API Gateway + Lambda (Python)

Please can someone help on this?

Many thanks in advance!

Issue was with empty spaces while extracting JSON out of raw request.
Using separators solved the issue.
json.dumps(event[‘body’], separators=(’,’, ‘:’))

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.