Verify webhook signature, wrong documentation?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm testing webhooks, triggered some events with the simulator and got this header:
[PAYPAL-TRANSMISSION-SIG] => KOhSYOtSdtTDuflM2vTBzfwWdh3YvQRS7dSekbEi1wRML/qW+cJ/+wcvtz1KRtf2jHeiLgaZ6IQ1/0z+hueEga9Q7fWHelUdfRoEKzjenfMKUcqPtN87y7knkVig4vbAz+yoTxCCE8wi030MWk2WBvG/U7Zl1IdMs0j9KKPo/lVUZXXvKYb6xwcF5AztOZFeZUwvPeD8yHn2yohRJzkazkSq32mB/LDatUaKTTqh+HH0rUXXh+ApM7aQxiMA6OrmeHmnq05Vh39PlqmHNGofr9Cs4SyKiu4v/M5gkbtXtcINmbg7TYTyCl9LaA98Majl30TwRFXnHT+a9X8hASFWnw==
The documentation (https://developer.paypal.com/docs/integration/direct/webhooks/notification-messages/#event-headers) says that the signature is a concatenation of fields using pipe "|" as a separator. But I don't see any pipes in the signature I received.
Any ideas on how to verify the signature I received from the simulator?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The value you're seeing is an encrypted value. In order to generate that same value and compare you need to create the pipe "|" separated string and then run it through the same encryption algorithm, which they're specifying in the PAYPAL-AUTH-ALGO header. Once you have the encrypted string you can compare that to PayPal's string and if they match then it validates.
Again, though, I just quickly reviewed this so I'm not 100% sure, but that's what it looks like to me at this point. Hope that helps.
PayPal Partner and Certified Developer - Kudos are Greatly Appreciated!
Haven't Found your Answer?
It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.
- webhook deregistration in REST APIs
- PAYMENT.SALE.COMPLETED signature verification failed in sandbox mode in REST APIs
- paypal web hook verification in php for woocommerce plugin in REST APIs
- Any well-documented way forward for Ruby/Rails, Subscriptions, Webhooks? in REST APIs
- Integration options that include a redirect to the PayPal website for payment processing in REST APIs