Unable to validate signature on workflow webhook request
SOLVE
I've been through the docs, the other questions posted here, and I'm still unable to discover what I'm doing wrong. I have created a private app (id=2086776)
On my workflow's webhook definition, I've specified "Include request signature in header", and specified the id of my app
I'm using the "Test" button on the webhook editor pane, and ngrok to get to my local server.
the request comes to my server with a version header "v2", and both x-hubspot-signature and x-hubspot-signature-v3 values.
I'm calling the Hubspot Nodejs SDK method Signature.isValid(), with these values:
I've also tried to verify the v3 signature, using the whole url, and just the "/demo-api/users/create-demo-user" part, but got no match
I have tried Signature.getSignature() with the above values, and get a different result, but if I pass that result into Signature.isValid, I get a passing result. (for both v2 and v3)
I'm wondering if I've misunderstood the use of private app keys and how they are used to generate the signature on the hubspot side.
The app number I've supplied for the webhook config matches my private app, and I've copied the Access token from my private app to use on my server as the clientSecret. (I've noticed an oddity: If I drop a couple digits off the "Hubspot App Id" value in the webhook config screen, and test, I don't get an error, and I get a different signature.)
Unable to validate signature on workflow webhook request
SOLVE
Thank you, that did it for me. I was unaware of the beta program for using private apps in workflow webhooks. Once I enrolled I was able to see the secret key, and successfully use it to verify the webhook signature.