HTTP_X_HUBSPOT_SIGNATURE validation fails

gugaiz · Monday

Hi,

I just created a new app and add it to our hubspot account. The app is using a different endpoint on the server that we already have.

I can't seem to validate the signature of the webhook and I am basically doing the same that with a previous app that has been running for the last 2 years. I am checking the HTTP_X_HUBSPOT_SIGNATURE_VERSION to make sure that is the same version and it is (v1).

The server is done in ruby and I am using the code below to validate the signature and as I said, it works for one endpoint but not for the new one.

if Rails.env.production?
   unless request.headers['CONTENT_TYPE'] == 'application/json' &&
          request.headers['HTTP_USER_AGENT'].downcase.include?('hubspot') &&
          request.headers['X-HUBSPOT-SIGNATURE-VERSION'] == 'v1' &&
          request.headers['X-HUBSPOT-SIGNATURE'] == Digest::SHA256.hexdigest(ENV['HUBSPOT_APP_SECRET'] + request.body.read)
      render status: 404 
      nil
   end 
end

dennisedson · yesterday

Hey @gugaiz

Throwing the ruby folks into this one for you 😀

@altjx , @GaryElliott , @ivandhalluin do you all have some advice here 🙏

Thanks,

Dennis

We are excited to announce that the Community will be launching a weekly newsletter on November 2, 2020!
Sign up today!

gugaiz · yesterday

Hi @dennisedson, thanks for your answer. Actually, I don't think it is something related to ruby because on that same app another endpoint (which is used by an old app) is working well with that code. I don't know why the signature is calculated in a different way for this new app.