WooCommerce webhook signature validation

dexteritypd · Member · Dec 14, 2023 at 2:11 am
Copy link

Add topic to favorites
Hello,

Does anyone have information on how to validate the signature from a webhook request generated by WooCommerce?

From my understanding, you are supposed to hash the message body using HMAC SHA256 with the salt being the secret key setup for the webhook. You then base64 encode the the hashed value and compare it to the value from the header signature property.

I have noticed the signature value provided in the header does not base64 decode properly. This leads me to think either it is broken or I am incorrect on the process for this.

If someone can please advise I would appreciate it.

WP.com: Yes
Jetpack: Yes
Correct account: Yes

The blog I need help with is: (visible only to moderators and staff)
dragstor · Member · Dec 14, 2023 at 6:43 am
Copy link
Hi there! 👋🏼

I suggest referring to the Woo Developer guides on this URL:

https://developer.woo.com/

Additionally, remember that we won’t be able to provide unlimited support for Woo — you can learn more about the support policy here: https://woocommerce.com/support-policy/.

The topic ‘WooCommerce webhook signature validation’ is closed to new replies.

Couldn't find what you needed?

Contact us

Get answers from our AI assistant, with access to 24/7 expert human support on paid plans.

Browse our guides

Find step-by-step solutions to common questions in our comprehensive guides.