Receiving error: Response to incorrectly signed payload not 401 even though I am returning 401

[saqib1324]

Hi, I am trying to integrate webhooks with Ruby on Rails.
These are my logs

So as it can be seen, I am returning 200 for matching requests and 401 for not matching requests but still on Xero side, it says, Intent to receive is required and Response to incorrectly signed payload not 401.

My ruby code for returning statuses is this:

def xero_webhooks
    response = Xero::WebhookManager.call({
      read_body_request: request.body.read,
      request: request,
      params: params
    })
    if response.success?
      head :ok
    else
      head :unauthorized
    end
  end

[RettBehrens]

Hi @saqib1324 I've been unable to replicate the issue using the code below

class WebhooksController < ApplicationController
  skip_before_action :verify_authenticity_token
  
  def webhook
    key = ENV['WEBHOOK_KEY']
    payload = request.body.read
    calculated_hmac = Base64.encode64(OpenSSL::HMAC.digest('sha256', key, payload))
    if calculated_hmac.strip() == request.headers['x-xero-signature']
      render json: {}, status: :ok
    else
      render json: {}, status: :unauthorized
    end
  end
end

Can you please post your app Client ID so we can look into it further?

[pumpkinball]

Hi @saqib1324
Just an update on the webhook signature.
If you try and pull down Rett's XeroAPI/xero-ruby-oauth2-app#93.
The bundle install should update xero-ruby SDK and a few other things.
I also pulled down a new version of Ruby Gems, I did encounter a few issues including one with permissions, and ended up uninstalling rbenv and re-installing it.
Finally I got it working.
For reference here are the versions I'm now working with:-
Rails version 6.0.5
Ruby version ruby 2.7.5p203 (2021-11-24 revision f69aeb8314) [arm64-darwin22]
RubyGems version 3.1.6

Let me know if you're stilling having an issue.