I am having trouble validating Zendesk's webhook signature for a webhook with a JSON body.
I have read the guide and other community posts like this and did my own debugging. So please, no generic responses.
- Using Node.js
- Managed to successfully validate the signature if it's an empty JSON response. Basically the payload will be Timestamp + empty string (aka "")
Basically the snippet of my validation code is:
const digest = crypto.createHmac("sha256", zendeskWebhookSecret).update(timestamp + body).digest("base64");
I have tried various different methods of manipulating the body but NOTHING matches the signature:
- console.log(validateZendeskSignature(case1Body.toString()));
- console.log(validateZendeskSignature(case1Body.toString("utf-8")));
- console.log(validateZendeskSignature(JSON.stringify(case1Body)));
- console.log(validateZendeskSignature(case1Body));
- console.log(validateZendeskSignature('{ "ticket_id: "1240" }'));
- console.log(validateZendeskSignature('{"ticket_id: "1240"}'));
- console.log(validateZendeskSignature('{"ticket_id : "1240"}'));
- console.log(validateZendeskSignature('{"ticket_id:"1240"}'));
- console.log(validateZendeskSignature('{\r\n"ticket_id": "1240"\r\n}'));
- console.log(validateZendeskSignature('{\r\n"ticket_id":"1240"\r\n}'));
- console.log(validateZendeskSignature('{\n"ticket_id":"1240"\n}'));
One thing I know for sure is that the validation code is working (e.g. signature matching) for an empty JSON request payload - as such, the issue is 100% with how Zendesk formats the JSON request payload.
Can someone provide an actual sample as to what is the exact format for the JSON request body that is required?
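
Added example (not part of the original post, and not Zendesk's code): an HMAC computed as in the snippet above only matches when it is taken over the exact bytes the sender signed, so a body that has been parsed and re-serialized fails while an empty body, which has no formatting to lose, still passes. The secret, timestamp and body below are constructed sample values, and the sender signing the raw bytes it transmits is an assumption.

```javascript
const crypto = require("crypto");

// Constructed sample values, not real Zendesk data.
const SECRET = "constructed-test-secret";
const TIMESTAMP = "2024-01-01T00:00:00Z";
// Assumed wire form of the body, byte for byte (note the space after the colon).
const RAW_BODY = Buffer.from('{"ticket_id": "1240"}', "utf8");

// Same scheme as the snippet in the post:
// base64(HMAC-SHA256(secret, timestamp + body)), fed as bytes, not a parsed object.
function sign(secret, timestamp, rawBody) {
  return crypto
    .createHmac("sha256", secret)
    .update(timestamp)
    .update(rawBody)
    .digest("base64");
}

// Constant-time comparison. timingSafeEqual throws when the lengths differ,
// so the length is checked first.
function verify(secret, timestamp, rawBody, signatureB64) {
  const expected = Buffer.from(sign(secret, timestamp, rawBody), "base64");
  const received = Buffer.from(String(signatureB64), "base64");
  return expected.length === received.length &&
    crypto.timingSafeEqual(expected, received);
}

// Stands in for the signature header the sender would attach.
const SIGNATURE = sign(SECRET, TIMESTAMP, RAW_BODY);

function demo() {
  // What a JSON body parser followed by JSON.stringify hands back:
  // '{"ticket_id":"1240"}' (the space is gone, so the bytes differ).
  const reserialized = JSON.stringify(JSON.parse(RAW_BODY.toString("utf8")));
  const empty = Buffer.alloc(0);
  return {
    rawBytes: verify(SECRET, TIMESTAMP, RAW_BODY, SIGNATURE),
    reserialized: verify(SECRET, TIMESTAMP, Buffer.from(reserialized, "utf8"), SIGNATURE),
    // An empty body has only one possible byte form, so it always round-trips.
    emptyBody: verify(SECRET, TIMESTAMP, empty, sign(SECRET, TIMESTAMP, empty)),
  };
}

console.log(demo());
```

In a real handler the raw request bytes have to be captured before any JSON middleware parses them, and those bytes are what goes into verify().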