Building a .NET Core service to handle Genesus Cloud webhooks. Need to verify the signature header to prevent replay attacks. The docs mention HMAC-SHA256 but don’t show the exact calculation logic for the payload. Here is what I have so far:
var key = Encoding.UTF8.GetBytes(webhookSecret);
var hash = new HMACSHA256(key).ComputeHash(Encoding.UTF8.GetBytes(jsonBody));
var signature = Convert.ToBase64String(hash);
Comparing this against the X-Genesys-Signature header fails. Am I missing a specific encoding step or timestamp requirement?