Webhook match signatureString and x-signature

[RafaelKuhn1212]

function validateIsMp(conString:string,req:RawBodyRequest,heders:any,secret:string){

const list = conString.split(",")

const crypto = require('crypto');
// post;[urlpath];data.id=[data.id_url];type=[topic_url];user-agent:mercadopago webhook v1.0;[timestamp];action:[json_action];api_version:[json_apiversion];date_created:[json_datecreated_RFC3339];id:[id_json];live_mode:[livemode_json];type:[type_json];user_id:[userid_json];
// post;12fd-45-178-154-68.ngrok-free.app/webhook/mercadoPago;data.id=123456;type=payment;user-agent:mercadopago webhook v1.0;1706644512742;action:updated;api_version:8;date_created:2021-11-01T02:02:02Z;id:123456;type:subscription_preapproval
console.log(req.originalUrl.split("?")[1].match("data.id=(.*)"))
var fullUrl = req.get('host') + req.originalUrl.split("?")[0];
fullUrl = fullUrl.replace(/^https?:///, '');

let signatureString = post;${fullUrl}; +
(req.body.data && req.body.data.id ? data.id=${req.originalUrl.split("?")[1].match("data.id=(.*)&")[1]} : "") +
";type=payment;user-agent:mercadopago webhook v1.0" +
(conString && conString.split(",")[1] ? ;${conString.split(",")[0].split("=")[1]} : "") +
(req.body.action ? ;action:${req.body.action} : "") +
(req.body.api_version ? ;api_version:${req.body.api_version} : "") +
(req.body.date_created ? ;date_created:${req.body.date_created} : "") +
(req.body.id ? ;id:${req.body.id} : "") +
(req.body.live_mode ? ;live_mode:${req.body.live_mode} : "") +
(req.body.type ? ;type:${req.body.type} : "") +
(req.body.user_id ? ;user_id:${req.body.user_id} : "");
console.log(signatureString)
const cyphedSignature = crypto
.createHmac('sha256', secret)
.update(signatureString)
.digest('hex');
console.log(cyphedSignature,req.headers["x-signature"])

}
y have this code to validate if the webhook is realy from mercadopago, but the hash never match with x-signature, can some one tell what is wrong?

[NandoAtr]

Tengo el mismo problema, la falta de documentación clara y ejemplos de trabajo está afectando a mi equipo y a mis amigos de trabajo.

function validateIsMp(conString:string,req:RawBodyRequest,heders:any,secret:string){

const list = conString.split(",")

const crypto = require('crypto'); // post;[urlpath];data.id=[data.id_url];type=[topic_url];user-agent:mercadopago webhook v1.0;[timestamp];action:[json_action];api_version:[json_apiversion];date_created:[json_datecreated_RFC3339];id:[id_json];live_mode:[livemode_json];type:[type_json];user_id:[userid_json]; // post;12fd-45-178-154-68.ngrok-free.app/webhook/mercadoPago;data.id=123456;type=payment;user-agent:mercadopago webhook v1.0;1706644512742;action:updated;api_version:8;date_created:2021-11-01T02:02:02Z;id:123456;type:subscription_preapproval console.log(req.originalUrl.split("?")[1].match("data.id=(.*)")) var fullUrl = req.get('host') + req.originalUrl.split("?")[0]; fullUrl = fullUrl.replace(/^https?:///, '');

let signatureString = post;${fullUrl}; + (req.body.data && req.body.data.id ? data.id=${req.originalUrl.split("?")[1].match("data.id=(.*)&")[1]} : "") + ";type=payment;user-agent:mercadopago webhook v1.0" + (conString && conString.split(",")[1] ? ;${conString.split(",")[0].split("=")[1]} : "") + (req.body.action ? ;action:${req.body.action} : "") + (req.body.api_version ? ;api_version:${req.body.api_version} : "") + (req.body.date_created ? ;date_created:${req.body.date_created} : "") + (req.body.id ? ;id:${req.body.id} : "") + (req.body.live_mode ? ;live_mode:${req.body.live_mode} : "") + (req.body.type ? ;type:${req.body.type} : "") + (req.body.user_id ? ;user_id:${req.body.user_id} : ""); console.log(signatureString) const cyphedSignature = crypto .createHmac('sha256', secret) .update(signatureString) .digest('hex'); console.log(cyphedSignature,req.headers["x-signature"])

} y have this code to validate if the webhook is realy from mercadopago, but the hash never match with x-signature, can some one tell what is wrong?

[romerosilva-meli]

Hello @RafaelKuhn1212 @NandoAtr , thanks for reaching out to us.

Unfortunately, this discussion is related to Nodejs SDK issues only. I'll ask you to open a ticket with our support so they can assist you.