cancel
Showing results for 
Search instead for 
Did you mean: 

Verify WebHook Notifications example

The documentation here https://developer.authorize.net/api/reference/features/webhooks.html#Verifying_the_Notification talks about the verification process for WebHook response. Is there and example available on how to implement this in Java?

ashish1871
Contributor
1 ACCEPTED SOLUTION

Accepted Solutions

Hi @ashish1871

 

You can have a look at this repo https://github.com/dns12345/AuthNet.WebHooks  

 

We are also in progress of building a sample app for Webhooks which will be published soon . 

 

Thanks





Send feedback at developer_feedback@authorize.net

View solution in original post

Anurag
Moderator Moderator
Moderator
9 REPLIES 9

Hi @ashish1871

 

You can have a look at this repo https://github.com/dns12345/AuthNet.WebHooks  

 

We are also in progress of building a sample app for Webhooks which will be published soon . 

 

Thanks





Send feedback at developer_feedback@authorize.net
Anurag
Moderator Moderator
Moderator

This link no longer works.

coppercup
Regular Contributor

Try this link 

 

https://github.com/dns12345/AuthNet.WebHooks/tree/master/AuthNet.WebHooks

 

Also checkout our new Webhook Sample App at https://github.com/AuthorizeNet/webhooks-sample-app

 

Thanks





Send feedback at developer_feedback@authorize.net

I had the exact same problem:

How to verify X-Anet-Signature?

 

So I have to use raw json encoded string as received on my endpoint. Without any modification, concatenation of name-value pairs with specials characters etc.

It is very simple! Why not mentioned in the official documentation?

It only says:

"The client application can generate the same HMAC-SHA512 hash using the webhook notification's body and the merchant's Signature Key."

And poor developer does not understand what "body" means... :-)

I have followed the documentation for verifying the notification as well as Ruby code for it: https://github.com/AuthorizeNet/sample-code-ruby/blob/master/Sha512/compute-transhash-sha512.rb

 
Still, the signature generated by me and the X-ANET-Signature is not matching. 
 
Can you please guide me with Ruby code to generate the HMAC-SHA512 hash?

Hi,

I write down a nodejs code and it doesn't work all the time. Sometimes it matches and sometimes it doesn't match. What could  be the reason?

const crypto = require('crypto');
app.post("/authorize/payment/created", (req, res)=> {    
    const hash = crypto.createHmac('sha512', signature_key)
                   .update(JSON.stringify(req.body))
                   .digest('hex')
                   .toUpperCase();
    if ("sha512="+hash != req.headers["x-anet-signature"]) {
        console.log({
            result: false,
            header: req.headers["x-anet-signature"],
            hash
        })
        // do something
        return;
    }
   // do something
});
nan40411
Member

You guys really need to update your API documentation, something so ridiculously simple once again made difficult due to lack of documentation.

scottiescott
Member

its not "x-anet-signature" its case sensitive so it should be

X-ANET-Signature

 If you're using Java, get HmacUtils from commons-codec. Then you just pass your sig key like so and can compare with hmacHex on the body. It will return the hash as a string then you just compare them. 

HmacUtils h = new HmacUtils(HMAC_SHA_512, "<SIG_KEY>");
h.hmacHex("<REQUEST_BODY>");
JeffGTech
Member