The signature check keeps failing even though the payload looks right. We are using Python to verify the X-NICE-Signature header against the secret.
- Endpoint:
/api/v2/webmessaging/events - Secret: Base64 encoded
- Code:
import hmac
import hashlib
expected = hmac.new(secret.encode(), payload.encode(), hashlib.sha256).hexdigest()
if not hmac.compare_digest(expected, signature):
return 403
The signature variable comes from the header. It always mismatches. Am I encoding the payload wrong?