08-10-2023 02:10 PM
Hi,
I created a webhook with a secret through REST API according to https://fivetran.com/docs/rest-api/webhooks#signing. However, my webhook payload does not include a signature in its headers. Any help on this would be appreciated, thanks!
08-28-2023 11:31 AM
Before we try to resolve this issue, can you confirm using this API you are seeing the secret value set in the response body?
If yes, you should have the signature available in the webhook request header as request.headers['x-fivetran-signature-256']
Below is the sample code in javascript for the verification:
import { createHmac } from 'crypto';
const signatureSecret = <YOUR_SECRET>;
const checkSignature = (request) => {
const actualSignature = request.headers['x-fivetran-signature-256'];
if (actualSignature && signatureSecret) {
const expectedSignature = createHmac('sha256', signatureSecret).update(request.body).digest('hex');
if (actualSignature.toUpperCase() === expectedSignature.toUpperCase()) {
console.log(green('Signature OK'));
// Return true if the signature is valid
return true;
} else {
console.log(red('Signature mismatch'));
// Return false if the signature is invalid
return false;
}
}
};