Meagan Combs

We have our webhook set up such that it makes a POST request to our internal API. We want to authenticate this request by verifying that it came from zendesk by following the documentation outlined here. 

 

We've setup the NodeJS verification example exactly as described, and pulled the webhook secret from a live webhook, and pulled live webhook invocation request headers for the timestamp and signature, exactly as described for testing our verification logic, and the signed values never match. We have also tried testing the webhook with the static test secret noted here.

 

1. Could we get a list of the most common mistakes made when verifying webhook signatures?
2. Do you have a python example of verifying webhook signatures that we could refer to?
3. Would it be possible to set up a call to speak with a support specialist directly about the issues we're seeing?