cancel
Showing results for 
Search instead for 
Did you mean: 

HMAC-SHA512 comparing Problem in Nodejs

Hi Everyone

 

I am using webhook after finishing the transactions and getting a key "x-anet-signature" in the header from webhook then after trying to create a hash using text "^" + apiLogin + "^" + transId + "^" + amount + "^" as given in his doc.Please look into my below code and give me suggestions what mistake i made ?


function generateSHA512(textToHash, signatureKey) {

 
var sha512 = require('js-sha512');
if (textToHash != null && signatureKey != null) {
var sig = sha512.hmac(Buffer.from(signatureKey, 'hex'), textToHash).toUpperCase();
return sig;
} else {
return 0;
}
 
}

 

var apiLoginId = "xxxxxxxxxxxx";

var transId = "xxxxxxxxx";

var amount = 10;

var signatureKey = config.SIGNATURE_KEY;
var textToHash = "^" + apiLogin + "^" + transId + "^" + amount + "^"
var SHa512key = generateSHA512(textToHash, signatureKey);
 
SHa512key is not equal to "x-anet-signature".
 
 
also tried other core node js cryto library
// var hmac1 = crypto.createHmac("sha512", Uint8Array.from(Buffer.from(signatureKey)));
// var signed1 = hmac.update(textToHash).digest('hex');
// console.log("signed1",signed1)
// var hmac2 = crypto.createHmac("sha512", Uint8Array.from(Buffer.from(signatureKey, 'utf8')));
// var signed2 = hmac.update(textToHash).digest('hex');
// console.log("signed2",signed2)

but nothing works.Please help.
 

 

 

bitlume
Member
12 REPLIES 12

File log

 

Sep 11 10:51:35 bitlumebeta bitlume-beta: Info: in Authorize .net webhook
Sep 11 10:51:35 bitlumebeta bitlume-beta: typeof Authorize.net callback body object
Sep 11 10:51:35 bitlumebeta bitlume-beta: ----- body: { notificationId: 'eb52739e-15d6-4c30-b9a0-780d07f14f02',
Sep 11 10:51:35 bitlumebeta bitlume-beta: eventType: 'net.authorize.payment.authcapture.created',
Sep 11 10:51:35 bitlumebeta bitlume-beta: eventDate: '2019-09-11T17:51:27.9087307Z',
Sep 11 10:51:35 bitlumebeta bitlume-beta: webhookId: 'a92b9535-f456-4cc6-8b13-30d2a15296ba',
Sep 11 10:51:35 bitlumebeta bitlume-beta: payload:
Sep 11 10:51:35 bitlumebeta bitlume-beta: { responseCode: 1,
Sep 11 10:51:35 bitlumebeta bitlume-beta: authCode: 'Y9U9VL',
Sep 11 10:51:35 bitlumebeta bitlume-beta: avsResponse: 'Y',
Sep 11 10:51:35 bitlumebeta bitlume-beta: authAmount: 80,
Sep 11 10:51:35 bitlumebeta bitlume-beta: entityName: 'transaction',
Sep 11 10:51:35 bitlumebeta bitlume-beta: id: '60127083206' } }

 

In Rest APi we get request body in form of object so how should we create text to hash from object because function which hash the text only takes string.

I think your issue may be that you need to change how you are capturing the request body. I am not good with server side js, however. you should be able to just hash the body as received. Auth.net hashes the body just as they send it  to you, I believe. 

Just ran into the same issue, the following code worked for me in Node.JS using the built in crypto library:

function processNotification(req, res) {
  const signatureHash = req.headers['x-anet-signature'].substring(7).toLowerCase();
  const verificationHash = crypto.createHmac('sha512', config.authorizeNet.signatureKey).update(JSON.stringify(req.body)).digest('hex');

  if (signatureHash !== verificationHash) {
    res.sendStatus(403);
  } else {
    res.sendStatus(200);
  }
}