Always showed Intent to receive required on Xero Webhooks and not x-xero-signature header not matched #240
Comments
@RettBehrens @pumpkinball please update me on this issue.
Hi @hellojunaydiqbal, based on your description it's likely the payload is somehow being altered, which then causes failure to verify the signature. @pumpkinball is working on adding a webhooks example to our Ruby sample app. Doing some digging and it looks like I might have found something for you:
@RettBehrens thank you so much for your reply. I already read this discussion on the Xero forums; this is not the right fix for my case. Because if I used You can check it two strings on the above screenshot, the first is from If I'm using
So please provide me with a better solution or any open-source GitHub repo so that I'll get help on webhook.
@RettBehrens @pumpkinball respond to me on my issue, please!
Hi @hellojunaydiqbal, I am currently working on this in Ruby on my sample app. So I will keep you posted.
Hi @hellojunaydiqbal
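Hi @hellojunaydiqbal I've been unable to replicate the issue using the code below:

```ruby
require 'openssl'
require 'base64'

class WebhooksController < ApplicationController
  # Webhook POSTs come from Xero, not a browser form, so no CSRF token.
  skip_before_action :verify_authenticity_token

  def webhook
    key = ENV['WEBHOOK_KEY']
    # Raw request body, exactly as received.
    payload = request.body.read
    # Base64 of HMAC-SHA256 over the raw body, keyed with the webhook key.
    calculated_hmac = Base64.encode64(OpenSSL::HMAC.digest('sha256', key, payload))
    # encode64 appends a newline, hence the strip before comparing.
    if calculated_hmac.strip() == request.headers['x-xero-signature']
      render json: {}, status: :ok
    else
      render json: {}, status: :unauthorized
    end
  end
end
```

Can you please post your app Client ID so we can look into it further?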
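The point raised earlier in this thread, that a payload altered before verification no longer matches the signature, as an added example (not code from the thread or from xero-ruby): the HMAC covers the exact request bytes, so verifying a parsed and re-encoded body fails even though the data is the same. The key, the body and all helper names are constructed for illustration.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Constructed sample values for illustration; not real Xero data.
WEBHOOK_KEY = 'constructed-webhook-key'
RAW_BODY = '{"events": [], "sequence": 0, "note": "constructed"}'

# Base64 of HMAC-SHA256 over the exact bytes given, the same calculation
# the controller above performs. strict_encode64 emits no newlines.
def sign(key, body)
  Base64.strict_encode64(OpenSSL::HMAC.digest('sha256', key, body))
end

# Length check, then XOR-accumulate every byte so the loop does not stop at
# the first mismatch. In Rails, ActiveSupport::SecurityUtils.secure_compare
# does this job.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Status a webhook endpoint would return for this body and header value.
def status_for(key, raw_body, header_value)
  return 401 if header_value.nil? || header_value.empty?
  secure_equal?(sign(key, raw_body), header_value) ? 200 : 401
end

# What you get when the parsed-and-re-encoded params are verified instead of
# the raw request body: same data, different bytes.
def reserialized(raw_body)
  JSON.generate(JSON.parse(raw_body))
end

if __FILE__ == $PROGRAM_NAME
  header = sign(WEBHOOK_KEY, RAW_BODY) # value the sender would put in the header
  puts "raw body:        #{status_for(WEBHOOK_KEY, RAW_BODY, header)}"
  puts "re-encoded body: #{status_for(WEBHOOK_KEY, reserialized(RAW_BODY), header)}"
  puts "wrong key:       #{status_for('other-key', RAW_BODY, header)}"
  puts "missing header:  #{status_for(WEBHOOK_KEY, RAW_BODY, nil)}"
end
```

When the computed and received values differ, comparing the byte length of the body your handler hashed against the request's Content-Length is a quick way to see whether the body was changed before verification.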
Hi @hellojunaydiqbal Let me know how you get on.
Hey @JunaydIqbal |
When I click on Intent to Receive, it always shows me the same "Intent to receive required" and does not show 200 OK.
Method for ensuring_security is:
The result is always false because `calculated_hmac.strip()` is not equal to `request.headers['x-xero-signature']`. I think if the intent can't be 200 OK, then if I make an update in Contacts or Invoices the webhook cannot be received. So what should I do? I want to show a result of 200 OK and after this get a webhook when there is an update in invoices and contacts.
Screenshot of what is received when I click on Intent to Receive:
You can see in the above screenshot that the two values can't be equal; the first is from `calculated_hmac` and the second from `request.headers['x-xero-signature']`.
And on the webhook config at the Xero site here:
So how can I get 200 OK at status and receive invoice status (regarding updating any invoice)? Anyone, please reply to me ASAP. Thanks!