search

grnhse / greenhouse-api-docs

Documentation for Greenhouse Software's APIs
https://developers.greenhouse.io
Apache License 2.0
109 stars 74 forks source link

Code Sample for computing webhook signature in Python #469

Open ShadiNM opened 2 years ago

ShadiNM commented 2 years ago

Hello, i am working with the webhooks and trying to verify the signature. Here you have examples on how to do that with PHP and Ruby. Could you give me an example for how to achieve it in Python? I tried the following

verify_signature(request.META["HTTP_SIGNATURE"], request.body)

def verify_signature(received_signature: str, payload: bytes) -> bool:

    digest = hmac.new(
    os.getenv("SECRET_KEY").encode(),
    payload,
    hashlib.sha256,
    ).hexdigest()

signature = received_signature.lstrip("sha256 ")

if digest == signature:
    return True
return False

I understand that the payload has to be unicode escaped. However the example on the docs does not make sense for me. No matter what I do in Python the <> characters are not unicode escaped. Other special characters are however correctly escaped to their unicode representation like \u016f. So I know how to do the escaping but it seems that Python does not escape <> characters. What can I do?

gat786 commented 2 years ago

This is required. I have been struggling with this as well.

MuhammadNomanIqbal commented 10 months ago

this is required i am also struggling for this isssue