APIs & Integrations

fastjack
Participant

Incorrect X-Hubspot-Signature in CRM extension's requests

SOLVE

Since yesterday, we are receiving incorrect signatures in our integration's CRM extension's requests from Hubspot.

 

Nothing changed on our end. The calculated signature does not match the one sent by Hubspot anymore.

 

Can you investigate or explain what changed on your end so we/you can fix this?

 

This is preventing our sales team to work so it is very problematic.

2 Accepted solutions
dennisedson
Solution
HubSpot Product Team
HubSpot Product Team

Incorrect X-Hubspot-Signature in CRM extension's requests

SOLVE

@fastjack 

Is this still an issue? 

There was an announcement regarding new version of signatures being sent, but the old one should still be in there for backwards compatibility. 

View solution in original post

skirkpatrick
Solution
Contributor

Incorrect X-Hubspot-Signature in CRM extension's requests

SOLVE

I can confirm that our v2 signatures are again working as expected.

View solution in original post

15 Replies 15
stefanTufvesson
Member

Incorrect X-Hubspot-Signature in CRM extension's requests

SOLVE

Agree. Terrible. But I think they reverted back to using @ in the signature. At least this is the case for v2 signatures which was changed yesterday. 

skirkpatrick
Solution
Contributor

Incorrect X-Hubspot-Signature in CRM extension's requests

SOLVE

I can confirm that our v2 signatures are again working as expected.

paulmdavies
Member

Incorrect X-Hubspot-Signature in CRM extension's requests

SOLVE

@fastjackthey've changed how the v3 signature is generated, without any updates to the documentation, once again. Previously, you had to url encode the query string parameters (no mention of query string in the docs...) so emails had %40 instead of @. Now, that's no longer the case.

 

@dennisedsonthis functionality has now broken twice in the last month, both due to unannounced and undocumented changes on the HubSpot side. I think that's pretty unacceptable. Also, the documentation should be massively improved with working examples, to avoid a suck-it-and-see approach to implementation.

fastjack
Participant

Incorrect X-Hubspot-Signature in CRM extension's requests

SOLVE

@dennisedson The v3 signature check is invalid as of today 8AM UTC.

 

Did you change something or is it just broken again?

0 Upvotes
dennisedson
HubSpot Product Team
HubSpot Product Team

Incorrect X-Hubspot-Signature in CRM extension's requests

SOLVE

@fastjack 

Just received info from the team.  Looks like there was a bug fix applied to a low level library which had unexpected side effects.  The change has been reverted and all should be back with regards to the v2 signature.

As for the query string that @paulmdavies mentioned, he v3 signature requires decoding certain characters in the query params of the request URI before calculating the signature.  This was a miss on our part not getting it into the docs.  We will update them accordingly.   I will also mention the suggestion of working examples. 

 

I understand the frustration that this has caused.  I have made sure that the teams have heard this and we will continue to improve the safeguards in our systems in an effort to prevent these types of issues from occurring. 

 

I also want to thank you for voicing these issues here.  It is important to be called out on our shortcomings.  Otherwise, we would be developing a product in a vaccum which is good for no one.

We do take the comments seriously and we are listening actively to the Community. 

0 Upvotes
ogelal
Participant

Incorrect X-Hubspot-Signature in CRM extension's requests

SOLVE

v3 signature requires decoding certain characters in the query params of the request URI before calculating the signature.  This was a miss on our part not getting it into the docs.  We will update them accordingly.   I will also mention the suggestion of working examples. 

It looks like it's still not in the docs. Please help, I'm facing the same problem. How should I encode/decode certain characters in the query params? For example, I have an URI:

 

https://my.domain.com/hubspot/dealcard?userId=46434839&userEmail=test@domain.com&associatedObjectId=5330690538&associatedObjectType=DEAL&portalId=26152491&hs_object_id=5330690538
0 Upvotes
stefanTufvesson
Member

Incorrect X-Hubspot-Signature in CRM extension's requests

SOLVE

It turns out that we did the hashing based on the decoded query string on the v2 signatures. This worked fine up to the launch of v3 signatures. Now you need to hash the raw query string! This was the issue on v3 signatures as well.  

stefanTufvesson
Member

Incorrect X-Hubspot-Signature in CRM extension's requests

SOLVE

We are also experiencing signature mismatches on v2 that was working fine before. This is a big problem for us. We have tried to move to v3 but failing to get the signature to match there as well. 

0 Upvotes
dennisedson
HubSpot Product Team
HubSpot Product Team

Incorrect X-Hubspot-Signature in CRM extension's requests

SOLVE

@JFast , @skirkpatrick -- the v2 issue should be resolved. 

skirkpatrick
Contributor

Incorrect X-Hubspot-Signature in CRM extension's requests

SOLVE

Appreciate the update, @dennisedson !

 

I did some testing this morning, but I'm still seeing the same v2 signature mismatches.

 

The URL part of our signature does have some nuance to it. Params on the URL contain characters that needed to follow a mix of being url-encoded and _not_ url-encoded as described in my older post.

 

Have there been changes made to the way that URL params are treated in the signature computation on the HubSpot side? Some potential reasons that come to mind are sanitizing the params to ensure there is no XSS injection or other security exploits being attempted, but I would need to understand how to make sure we wind up with the same URL param values to re-compute the signature on our end for validation.

0 Upvotes
dennisedson
HubSpot Product Team
HubSpot Product Team

Incorrect X-Hubspot-Signature in CRM extension's requests

SOLVE

@skirkpatrick 

The team is aware of this issue that you appear to be affected by and is working on it.  If it hasn't already, should be addressed soon!

fastjack
Participant

Incorrect X-Hubspot-Signature in CRM extension's requests

SOLVE

I just confirmed that we are also receiving the X-Hubspot-Signature-v3 header per that announcement, but the X-Hubspot-Signature-Version is still set to v2 and the X-Hubspot-Signature value no longer matches.

This is exactly what we were seeing also.

 

We had to update our integration to v3 signature to make it work again and allow our sales team to resume its work.

skirkpatrick
Contributor

Incorrect X-Hubspot-Signature in CRM extension's requests

SOLVE

Ok, got it. Thanks, @fastjack ! We'll try doing the same.

skirkpatrick
Contributor

Incorrect X-Hubspot-Signature in CRM extension's requests

SOLVE

We are experiencing the same issue with v2 signature validation. It was first detected at 10am EST yesterday, 11/2. Additional detail and full context here: https://community.hubspot.com/t5/APIs-Integrations/X-Hubspot-Signature-python-validation-for-Hubspot...

 

Was the situation resolved for you, @fastjack ? I just confirmed that we are also receiving the X-Hubspot-Signature-v3 header per that announcement, but the X-Hubspot-Signature-Version is still set to v2 and the X-Hubspot-Signature value no longer matches.

dennisedson
Solution
HubSpot Product Team
HubSpot Product Team

Incorrect X-Hubspot-Signature in CRM extension's requests

SOLVE

@fastjack 

Is this still an issue? 

There was an announcement regarding new version of signatures being sent, but the old one should still be in there for backwards compatibility.