Hello,
I'm trying to test the webhook with Xero and they state in their documentation that:
If the payload is hashed using HMACSHA256 with your webhook signing key and base64 encoded, it should match the signature in the header. This is a correctly signed payload. If the signature does not match the hashed payload it is an incorrectly signed payload.
I've configured the webhook following their instruction
I can see in the log that the error message is "Invalid Signature - Hash does not match"
Also, I've seen in their doc that:
To gain Intent to receive validation, the receiving url must respond with a 2xx status for all correctly signed payloads and status: 401 Unauthorized for all incorrectly signed payloads.
And the response sent in the log is 400 Bad Request, which is different from an unauthorized request. I would expect an authentication failure to return a 401.
How could I configure this? Is there an easy way to see what the webhook received and failed to process? like a deadletter queue or something we could use to investigate or detect issues on the upstream?
Hello,
I'm trying to test the webhook with Xero and they state in their documentation that:
I've configured the webhook following their instruction
I can see in the log that the error message is "Invalid Signature - Hash does not match"
Also, I've seen in their doc that:
And the response sent in the log is 400 Bad Request, which is different from an unauthorized request. I would expect an authentication failure to return a 401.
How could I configure this? Is there an easy way to see what the webhook received and failed to process? like a deadletter queue or something we could use to investigate or detect issues on the upstream?