Ask a Question
Back to All

Webhooks: occasional errors comparing X-Waitwhile-Signature with our computed value

This is kind of embarrassing; it should be easy enough.

If I'm reading the documentation correctly, this should work to calculate the Base-64 string for comparison with the X-Waitwhile-Signature:

private string GetHashedStringFromRemovedBody(string strBody)
string strOurURL = "https://xxx.xxx.xxx/Waitwhile/VisitRemoved";
var getkeyByte = Encoding.UTF8.GetBytes("yyyyyyyyyy");
string strResults = string.Empty;

    using (var hmac = new HMACSHA256(getkeyByte))
        byte[] hashValue = hmac.ComputeHash(Encoding.UTF8.GetBytes(strOurURL + strBody));
        strResults = Convert.ToBase64String(hashValue);
catch (Exception ex)
    log.Error("Error calculating hash from body: " + ex.Message);
return strResults;



...where strBody is from the incoming JSON from Waitwhile (jsonbody.ToString(Newtonsoft.Json.Formatting.None, Nothing)). I've obviously obscured our URI and secret. Also, to simplify the example, this is hard-coded just for Visit.Removed.

This usually works. But sometimes it doesn't, for no apparent reason. Do I have an obvious typo in the above? Do you have a better example of validating X-Waitwhile-Signature in a .NET Web API environment?

Sorry again for the stupid question...