Problem validating request signatures in workflow webhooks
I am validating the request signature for webhooks triggered by workflows using the "Signature v3" header. However, I have noticed that in some requests, the hash does not match, even though the same code validates correctly most of the time. Does anyone know if there are any inconsistencies with HubSpot when validating workflow webhooks using "Signature v3"?
Thank you for posting in our Community! Please ensure your server's clock is synchronized, your hashing logic strictly follows HubSpot's guidelines, and you're using the exact raw payload. I want to share this document here with more information:
Hello, thank you for your response.
I believe my logic for hash validation is correct because, in most requests, it works, but for some, it returns an invalid hash. Remember that I was using the v3 signature. However, I just implemented the code to validate the v2 signature, and I’m encountering the same issue: most of the time, the validation works fine, but in some specific cases, the hash validation fails.
This leads me to believe that the issue is not with the code that validates the hash in my system, as it doesn’t make sense for it to work most of the time and fail on some requests.
I thought there might be some inconsistency in using the v3 signature to validate webhooks from workflows, but now that I’ve implemented the v2 signature and am experiencing the same issue, I’m not sure what it could be. One important note: I’m currently in the sandbox environment.
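The "exact raw payload" point from the reply above, as an added example that is not code from any poster in this thread or from HubSpot: a v3 check (HMAC-SHA256 over method + URI + body + timestamp, Base64 encoded, timestamps older than five minutes rejected) run once on the received bytes and once on a parsed and re-serialized body. One way validation can pass for most requests and fail for a few is that re-serialization only changes the bytes of some payloads, here one with a non-ASCII character. The secret, URL, timestamp and bodies are constructed sample values, and whether this is the cause in the thread is an assumption.

```python
import base64
import hashlib
import hmac
import json
import time

MAX_AGE_MS = 5 * 60 * 1000  # reject requests older than five minutes

# Constructed sample values (not real credentials or HubSpot traffic).
SECRET = "example-client-secret"
URI = "https://example.com/hubspot/webhook"
TS = "1700000000000"  # value of X-HubSpot-Request-Timestamp, in milliseconds
ASCII_BODY = b'{"name":"Ana","id":1}'
UTF8_BODY = '{"name":"Jo\u00e3o","id":2}'.encode("utf-8")  # "João" as raw UTF-8


def v3_signature(secret, method, uri, raw_body, timestamp):
    """Base64(HMAC-SHA256(secret, method + uri + raw body + timestamp))."""
    message = method.encode() + uri.encode() + raw_body + timestamp.encode()
    digest = hmac.new(secret.encode(), message, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def is_valid(secret, method, uri, raw_body, timestamp, header_sig, now_ms=None):
    """Check X-HubSpot-Signature-v3 against the bytes that were received."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    if not timestamp.isdigit() or now_ms - int(timestamp) > MAX_AGE_MS:
        return False  # malformed or stale timestamp; also fails on clock drift
    expected = v3_signature(secret, method, uri, raw_body, timestamp)
    # Constant-time comparison on bytes, so odd header input cannot raise.
    return hmac.compare_digest(expected.encode(), header_sig.encode())


def reserialized(raw_body):
    """What a handler signs if it hashes parsed JSON instead of the raw body."""
    return json.dumps(json.loads(raw_body), separators=(",", ":")).encode()


if __name__ == "__main__":
    now = int(TS) + 1000
    for body in (ASCII_BODY, UTF8_BODY):
        sig = v3_signature(SECRET, "POST", URI, body, TS)  # sender's signature
        print(body,
              "raw:", is_valid(SECRET, "POST", URI, body, TS, sig, now),
              "re-serialized:",
              is_valid(SECRET, "POST", URI, reserialized(body), TS, sig, now))
```

When a mismatch occurs, logging the length and SHA-256 of the received body next to the timestamp header makes it possible to tell a changed body from a stale or skewed timestamp.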