How to test WebHook HMAC signature (using Python)

Modified on Wed, 8 Jan at 2:25 PM

I. Objective: Testing the WebHook HMAC signature in a Flinks instance using Python.

II. Requirements:

  • i. Have a Flinks PROD, STAGE or DEV instance.*
  • ii. Have the webhooks enabled**
  • iii. Have the HMAC enabled**
  • iv. Have the HMAC SecretKey**


Observation:
    * It's not possible to test it on a sandbox or toolbox instance.

    ** Confirm with [email protected] if the products are set up on your instance.


III. Testing procedures:

  1. Connect a new card using the instance iframe.
  2. After the card is successfully connected and the data has been processed by Flinks, confirm that you received the GetAccountsDetail webhook payload.
  3. Open the payload and fetch the following data:
    • i. webhook_signature (flinks-authenticity-key):
      • Example:
    • ii. webhook_payload:
      • Example:


  4. Adjust the Python code below, adding the following variable values to the ###2. Variables### section.
    • webhook_signature (see chapter III.3.i.)
    • webhook_secret (see chapter II.iv.)
    • webhook_payload (see chapter III.3.ii.)

###1. Libraries###
import hmac
import hashlib
import base64

###2. Variables###
webhook_signature = 'Insert the webhook signature, flinks-authenticity-key (see chapter III.3.i.)'
webhook_secret = 'Insert the HMAC SecretKey (see chapter II.iv.)'
webhook_payload = 'Insert the raw HMAC payload response (see chapter III.3.ii.)'

###3. HMAC Verification###
# Signature = Base64(HMAC-SHA256(secret, raw payload))
message = bytes(webhook_payload, 'utf-8')
secret = bytes(webhook_secret, 'utf-8')
signature = base64.b64encode(hmac.new(secret, message, hashlib.sha256).digest())
print("\n", '\033[1m', '\033[4m', "HMAC Test: START", '\033[0m')
print("\t", " Calculated Authenticity Key:", signature.decode('utf-8'))
print("\t", " Webhook Authenticity Key:", webhook_signature)
# Constant-time comparison, so the check does not leak how many leading characters match
if hmac.compare_digest(signature, webhook_signature.encode('utf-8')):
    print("\t", '\033[1m', 'Webhook IS authentic.', '\033[0m')
else:
    print("\t", '\033[1m', 'Webhook IS NOT authentic.', '\033[0m')
print('\033[1m', '\033[4m', "HMAC Test: END", '\033[0m', "\n")

  5. Run the code, and you will receive one of two responses:

  • If you get a "Webhook IS authentic." response, the test worked, and the webhook is authentic. 
  • If you get "Webhook IS NOT authentic." it means something failed in the testing process. In this case, review the previous step and adjust the code accordingly.
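Added example (not part of the original article and not Flinks code): the same Base64(HMAC-SHA256) check written as a reusable function, run against the inputs that most often produce "Webhook IS NOT authentic." during testing. The secret, the payload with its field names, and the helper names compute_signature, is_authentic and demo are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample values, not real Flinks data; field names are made up.
SECRET = "example-secret-key"
RAW_BODY = '{"event":"GetAccountsDetail","holder":"Zoé","balance":10.50}'.encode("utf-8")


def compute_signature(secret: str, raw_body: bytes) -> str:
    """Base64(HMAC-SHA256(secret, raw_body)), the scheme the script above uses."""
    digest = hmac.new(secret.encode("utf-8"), raw_body, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def is_authentic(secret: str, raw_body: bytes, header_value) -> bool:
    """Check a flinks-authenticity-key value against the raw request body."""
    if not header_value:
        return False  # a missing header is a failed check, never a skipped one
    expected = compute_signature(secret, raw_body).encode("ascii")
    # Compare bytes in constant time; bytes also avoid a TypeError on non-ASCII input.
    return hmac.compare_digest(expected, header_value.strip().encode("utf-8"))


def demo() -> dict:
    """Show which inputs verify. Hypothetical helper for this example only."""
    good = compute_signature(SECRET, RAW_BODY)  # stands in for the sender's header
    # Parsing and re-dumping changes spacing, escapes "é" and turns 10.50 into 10.5.
    reserialized = json.dumps(json.loads(RAW_BODY)).encode("utf-8")
    return {
        "raw_body": is_authentic(SECRET, RAW_BODY, good),
        "reserialized_body": is_authentic(SECRET, reserialized, good),
        "wrong_secret": is_authentic("other-secret", RAW_BODY, good),
        "missing_header": is_authentic(SECRET, RAW_BODY, None),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:18} {'authentic' if ok else 'NOT authentic'}")
```

Only the raw_body case verifies, which is why the payload pasted into the test script must be the exact bytes received and not a parsed or pretty-printed copy.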

IV. Example:


Attached to this documentation is the file: "HMAC_TEST SCRIPT (example with FC dummy data).py"
This example shows how the Python script works using Flinks Capital dummy data. 


If you need any support, please contact [email protected].
