Trying to understand why my signature check fails. I am using PowerShell to verify Genesys Cloud webhooks.
- Get header
X-GC-Webhook-Signature - Decode base64
- Compare HMAC SHA256 of body
It always mismatches. Here is the code:
$sign = [Convert]::FromBase64String($webhook.Headers['X-GC-Webhook-Signature'])
$expected = [System.Security.Cryptography.HMACSHA256]::new($secret)
$calc = $expected.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($body))
if ($sign -ne $calc) { Write-Host "Invalid" }
Is the body encoding different?