The docs state: “The signature is generated by signing the raw request body with your shared secret using HMAC-SHA256 and encoding the result in Base64.” My Node.js consumer keeps rejecting valid events because the decoded signature never matches the calculated HMAC. The x-genesyscloud-signature header looks like standard Base64, but Buffer.from(signature, 'base64') produces garbage when compared to my local hash. Am I supposed to strip whitespace or handle URL-safe encoding differently?
You’re likely hitting a newline or carriage return in that raw body. Just trim it explicitly before hashing.
const cleanBody = req.body.replace(/\r?\n/g, '');
const expected = crypto.createHmac('sha256', secret).update(cleanBody).digest('base64');