APIs & Integrations

JPaulo1
Participant

Problem validating request signatures in workflow webhooks

I am validating the request signature for webhooks triggered by workflows using the "Signature v3" header. However, I have noticed that in some requests, the ha_sh does not match, even though the same code validates correctly most of the time. Does anyone know if there are any inconsistencies with HubSpot when validating workflow webhooks using "Signature v3"?

0 Upvotes
2 Replies 2
PamCotton
Community Manager
Community Manager

Problem validating request signatures in workflow webhooks

Hey @JPaulo1, Happy Monday!

 

Thank you for posting in our Community!  Please ensure your server's clock is synchronized, your hashing logic strictly follows HubSpot's guidelines, and you're using the exact raw payload. I want to share this document here with more information:

Validating requests from HubSpot.

 

To our top experts, @Anton and @evaldas do you have any recommendations for @JPaulo1 matter?

 

Thank you,

Pam

Você sabia que a Comunidade está disponível em outros idiomas?
Participe de conversas regionais, alterando suas configurações de idioma !


Did you know that the Community is available in other languages?
Join regional conversations by changing your language settings !




0 Upvotes
JPaulo1
Participant

Problem validating request signatures in workflow webhooks

Hello, thank you for your response.

I believe my logic for ha_sh validation is correct because, in most requests, it works, but for some, it returns an invalid ha_sh. Remember that I was using the v3 signature. However, I just implemented the code to validate the v2 signature, and I’m encountering the same issue: most of the time, the validation works fine, but in some specific cases, the ha_sh validation fails.

This leads me to believe that the issue is not with the code that validates the ha_sh in my system, as it doesn’t make sense for it to work most of the time and fail on some requests.

I thought there might be some inconsistency in using the v3 signature to validate webhooks from workflows, but now that I’ve implemented the v2 signature and am experiencing the same issue, I’m not sure what it could be.
One important note: I’m currently in the sandbox environment.

0 Upvotes