APIs & Integrations

Paul-Harapiak
Participant

Unable to validate signature on workflow webhook request

SOLVE

I've been through the docs, the other questions posted here, and I'm still unable to discover what I'm doing wrong. I have created a private app (id=2086776)

  • On my workflow's webhook definition, I've specified "Include request signature in header", and specified the id of my app
  • I'm using the "Test" button on the webhook editor pane, and ngrok to get to my local server.
  • the request comes to my server with a version header "v2", and  both x-hubspot-signature and x-hubspot-signature-v3 values. 
  • I'm calling the Hubspot Nodejs SDK method Signature.isValid(), with these values:
    • {
      clientSecret: 'pat-na1-24***my private app access key',
      method: 'POST',
      requestBody: '{"email":"ph@test.com","phone":"+2223334444","orgType":"Carrier","lastName":"Hara","firstName":"Paul","companyName":"Sumac"}',
      signature: 'c174e6ffe4910dbbfe366a3c2afd499ef0c70e1c24824d317a1d1e81aa6c713f',
      signatureVersion: 'v2',
      timestamp: 1695833200131,
      url: 'https://6e49-199-91-115-68.ngrok-free.app/demo-api/users/create-demo-user'
      }

Can you spot my error?

More info: 

  • I've also tried to verify the v3 signature, using the whole url, and just the "/demo-api/users/create-demo-user" part, but got no match
  • I have tried Signature.getSignature() with the above values, and get a different result, but if I pass that result into Signature.isValid, I get a passing result. (for both v2 and v3)

I'm wondering if I've misunderstood the use of private app keys and how they are used to generate the signature on the hubspot side.

The app number I've supplied for the webhook config matches my private app, and I've copied the Access token from my private app to use on my server as the clientSecret.  (I've noticed an oddity: If I drop a couple digits off the "Hubspot App Id" value in the webhook config screen, and test, I don't get an error, and I get a different signature.)

0 Upvotes
1 Accepted solution
Jaycee_Lewis
Solution
Community Manager
Community Manager

Unable to validate signature on workflow webhook request

SOLVE

Hi, @Paul-Harapiak 👋 I did a bit of testing.

 

A few questions:

  • Have you opted your user or the entire portal into this beta? 
    CleanShot 2023-09-28 at 16.18.29.png
  • Once opted in, when you navigate to Settings > Private Apps > Your App > the Auth tab, do you see both the Access token and Client secret options? 
    CleanShot 2023-09-28 at 16.25.20.png

I ask because it looks like you've input your Access token and not the secret. I didn't have it in my portal until I opted myself in.

 

Talk soon! — Jaycee

linkedin

Jaycee Lewis

Developer Community Manager

Community | HubSpot

View solution in original post

0 Upvotes
3 Replies 3
Jaycee_Lewis
Solution
Community Manager
Community Manager

Unable to validate signature on workflow webhook request

SOLVE

Hi, @Paul-Harapiak 👋 I did a bit of testing.

 

A few questions:

  • Have you opted your user or the entire portal into this beta? 
    CleanShot 2023-09-28 at 16.18.29.png
  • Once opted in, when you navigate to Settings > Private Apps > Your App > the Auth tab, do you see both the Access token and Client secret options? 
    CleanShot 2023-09-28 at 16.25.20.png

I ask because it looks like you've input your Access token and not the secret. I didn't have it in my portal until I opted myself in.

 

Talk soon! — Jaycee

linkedin

Jaycee Lewis

Developer Community Manager

Community | HubSpot

0 Upvotes
Paul-Harapiak
Participant

Unable to validate signature on workflow webhook request

SOLVE

Thank you, that did it for me. I was unaware of the beta program for using private apps in workflow webhooks.  Once I enrolled I was able to see the secret key, and successfully use it to verify the webhook signature.

Jaycee_Lewis
Community Manager
Community Manager

Unable to validate signature on workflow webhook request

SOLVE

Amazing! Thanks for letting us know — Jaycee

linkedin

Jaycee Lewis

Developer Community Manager

Community | HubSpot

0 Upvotes