square webhook validate signature
// The crypto module provides cryptographic functionality
const crypto = require('crypto');
// const body = JSON.stringify(req.body);
// const signature = req.header('x-square-signature');
function isValidSignature(body, url, signature) {
// Concatenate your notification URL and
// the JSON body of the webhook notification
const combined = url + body;
// Webhook subscription signature key defined in dev portal for app
// webhook listener endpoint: https://webhook.site/my-listener-endpoint
// Note: Signature key is truncated for illustration
const signatureKey = 'uTYf8X...0HGvYg';
// Generate the HMAC-SHA1 signature of the string
// signed with your webhook signature key
const hmac = crypto.createHmac('sha1', signatureKey);
hmac.write(combined)
hmac.end()
const checkHash = hmac.read().toString('base64');
// Compare HMAC-SHA1 signatures.
if (checkHash === signature) {
console.log('Validation success!');
} else {
console.log('Validation error.');
}
}