We’re spinning up a Node.js listener for /api/v2/webhooks/inboundcallback/events and trying to validate the X-Genesys-Signature header. The HMAC-SHA256 calc looks right based on the docs, but the signature never matches the header value.
const expected = crypto.createHmac('sha256', secret).update(body).digest('hex');
Is the body being hashed before or after JSON.stringify? It’s throwing a mismatch every time.