Hello,
I found a strange situation where the signature is valid or invalid depending on the amount.
Briefly: if authAmount in the returned webhook body is in the format #.## (example 1.01 or 2.01), then verifying the signature succeeds.
If authAmount has the format *.# or * (example 1.1 or 2), then verifying the signature fails.
Here is my example of a webhook with amount 1.1
Sandbox environment (live mode)
My signature key:
A6214F6105625D5ED957CF02E749BB440DBD4E418533D219CAD26AECD104BFFE7F47DBBE5C81927CCA484AE7722BE82CE57FB5318EDE02122277A2FE90EE68EB
Webhook notification's body:
{"notificationId":"570f7282-687a-42b7-903b-48e487d7694d","eventType":"net.authorize.payment.authcapture.created","eventDate":"2023-12-12T12:45:09.3492643Z","webhookId":"a585ea29-a370-495a-bd83-f9be7160f260","payload":{"responseCode":1,"avsResponse":"P","authAmount":1.1,"merchantReferenceId":"2M4zHFzshYBudvgIZ11B","entityName":"transaction","id":"120011377052"}}
My local hash result:
sha512=0B031880F04DD8D6C98F06A234032575B19393716F7FCE84C62D4901F257D29808DF520CEFCD0225FE4374697769B6A2ED336B463031EA861C73F3396357A605
x-anet-signature:
sha512=8E3D41B0191A9A1E668FB729F350B73C6BBB81D676070FE7CFF001CA2543ABA91BD16A4374A0F6FA4542659728C7DAF79D7EC901FEC582FC2DA3263A2D604DCF
As you see, the resulting hash is different.
But if I manually change the body from "authAmount":1.1 to "authAmount":1.10 (this is not what the client side should do),
then the hash will be
sha512=8E3D41B0191A9A1E668FB729F350B73C6BBB81D676070FE7CFF001CA2543ABA91BD16A4374A0F6FA4542659728C7DAF79D7EC901FEC582FC2DA3263A2D604DCF
which is equal to the x-anet-signature header.
Could anyone help with this situation?
Thanks in advance.
12-12-2023 05:10 AM - edited 12-12-2023 05:13 AM
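Added example (not the thread author's code and not Authorize.net's own): it verifies the x-anet-signature header as HMAC-SHA512 over the raw request bytes and shows why parsing and re-serializing the JSON turns 1.10 into 1.1 and breaks the check. The key and body below are constructed placeholders, and feeding the signature key to the HMAC as its ASCII text is an assumption.

```python
import hmac
import hashlib
import json

# Constructed sample key for the demo (not the key posted in the thread).
SAMPLE_KEY = "0123456789ABCDEF" * 8

# Raw body bytes exactly as they arrive on the wire; note the amount is written "1.10".
RAW_BODY = (b'{"notificationId":"constructed-example","eventType":'
            b'"net.authorize.payment.authcapture.created","payload":'
            b'{"responseCode":1,"authAmount":1.10,"entityName":"transaction",'
            b'"id":"000000000000"}}')


def sign_body(raw_body: bytes, signature_key: str) -> str:
    """Build the header value: HMAC-SHA512 over the raw bytes, upper-case hex, 'sha512=' prefix.

    Assumption: the signature key is used as its ASCII text, not decoded from hex."""
    digest = hmac.new(signature_key.encode("ascii"), raw_body, hashlib.sha512).hexdigest()
    return "sha512=" + digest.upper()


def verify_signature(raw_body: bytes, header_value: str, signature_key: str) -> bool:
    """Constant-time comparison of the header against our own HMAC of the untouched body."""
    scheme, _, received = header_value.partition("=")
    if scheme.lower() != "sha512" or not received:
        return False
    expected = sign_body(raw_body, signature_key)[len("sha512="):]
    return hmac.compare_digest(expected.lower(), received.lower())


def reserialize(raw_body: bytes) -> bytes:
    """What a handler does if it parses the JSON and dumps it again: 1.10 becomes 1.1,
    so the bytes no longer match what the sender signed."""
    return json.dumps(json.loads(raw_body), separators=(",", ":")).encode()
```

The verifier must hash the body as received (the raw bytes), never a value reconstructed from a parsed object; the bytes the gateway signed are the only bytes that will match.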
I can manually change the request body to be able to have a valid signature, but this contradicts the principles of verifying data integrity based on a signature.
12-12-2023 05:33 AM
Three days have already passed since my post was created. Does somebody have a solution?
Are auth.net developers reading this community forum?
12-15-2023 04:00 AM