WooCommerce Webhooks Auth (secret & signature) - how to use

node.js wordpress api hash woocommerce

The signature needs to be checked against the body and not the JSON it contains. i.e. the raw bytes of the req.body.

Modify the `bodyParser` first:

const rawBodySaver = (req, res, buf, encoding) => {  if (buf && buf.length) {    req.rawBody = buf.toString(encoding || 'utf8');  }};app.use(bodyParser.json({ verify: rawBodySaver }));app.use(bodyParser.urlencoded({ verify: rawBodySaver, extended: true }));app.use(bodyParser.raw({ verify: rawBodySaver, type: '*/*' }));

and then, using crypto (it is distributed with node you don't need to `npm install` anything.)

import crypto from 'crypto'; //Let's try with built-in crypto lib instead of cryptoJSrouter.post('/', function (req, res) {  const secret = 'ciPV6gjCbu&efdgbhfgj&¤"#&¤GDA';  const signature = req.header("X-WC-Webhook-Signature");  const hash = crypto.createHmac('SHA256', secret).update(req.rawBody).digest('base64');  if(hash === signature){    res.send('match');  } else {    res.send("no match");  }});

node.js wordpress api hash woocommerce

I hope below will save someone some time.

// Make sure to add a WISTIA_SECRET_KEY in your Environment Variables// See https://docs.pipedream.com/environment-variables/const secret = process.env.SELF_AUTOMATE_KEY;const signature = event.headers["x-wc-webhook-signature"];const body = steps.trigger.raw_event["body_b64"];const clean_Body = body.replace("body_b64: ", "");//const body = steps.trigger.raw_event;console.log(event.headers["x-wc-webhook-signature"]);console.log("Print Body", clean_Body);if (process.env.SELF_AUTOMATE_KEY === undefined) {  $end("No WISTIA_SECRET_KEY environment variable defined. Exiting.")}if (!("x-wc-webhook-signature" in event.headers)) {  $end("No x-wc-webhook-signature header present in the request. Exiting.")}// Once we've confirmed we have a signature, we want to // validate it by generating an HMAC SHA-256 hexdigestconst crypto = require('crypto');const hash = crypto.createHmac('sha256',  secret).update(JSON.stringify(clean_Body), 'base64').digest('base64');console.log(hash);// $end() ends the execution of a pipeline, presenting a nice message in the "Messages"// column in the inspector above. See https://docs.pipedream.com/notebook/code/#endif (hash !== signature) {  $end("The correct secret key was not passed in the event. Exiting!")}

CodeHunter

WooCommerce Webhooks Auth (secret & signature) - how to use

Modify the `bodyParser` first:

and then, using crypto (it is distributed with node you don't need to `npm install` anything.)

Recent Posts

How can I color dots in a xy scatterplot according to column value?

How to update a claim in ASP.NET Identity?

What does {0} mean when initializing an object?

Accessing members of items in a JSONArray with Java

How to log SQL statements in Spring Boot?

Powershell Get-WebSite name parameter is ignored

How to detect scroll to bottom of html element

Java synchronized method

How to test controllers with CodeIgniter?

Detect Visual Composer

Matplotlib: Specify format of floats for tick labels

Rails join a list of strings with commas and "and" before the last

WooCommerce Webhooks Auth (secret & signature) - how to use

Modify the bodyParser first:

and then, using crypto (it is distributed with node you don't need to npm install anything.)

Recent Posts

Modify the `bodyParser` first:

and then, using crypto (it is distributed with node you don't need to `npm install` anything.)