Unable to validate v2 request signature with POST method

AMIGEWANT · ‎Aug 8, 2022

Hello,

I'm coming to the forum to ask you how to validate the v2 application signature of Hubspot. Here is my code in PHP :

private function validateRequest(string $hubspotSignature) {
        $clientSecret = config('app.hubspotAppSecret');
        $httpMethod = 'POST';
        $httpUri = 'https://8d33-213-200-220-231.eu.ngrok.io/api/hubspot/lead';
        $requestBody = json_encode($this->data);

        $sourceString = utf8_encode($clientSecret . $httpMethod . $httpUri . $requestBody);
        $hash = hash('sha256', $sourceString);

        return hash_equals($hubspotSignature, $hash);
}

Note 1: I have read all the topics about validation problems but I can't solve my problem with them. However, I noticed that if the requestBody is too long, it is difficult to validate it (in my case it is very long).

Note 2: With my current code, I can validate the signature in the GET method if I remove requestBody in the sourceString.

POST
I think it's a problem with the requestBody: I'm turning a PHP array into JSON with the php method json_encode but maybe Hubspot has a different syntax. So when I json_encode the request body, I get a different body.

Thank you,

AM

Jaycee_Lewis · ‎Aug 8, 2022

Hi, @AMIGEWANT 👋 Welcome to the community.

Hey, @Teun @zaklein @tjoyce do you have any experience here? Or feedback for @AMIGEWANT on how they might troubleshoot this further?

Thank you very much! — Jaycee

Jaycee Lewis

Developer Community Manager

Community | HubSpot

APIs & Integrations