Last active
December 3, 2023 01:51
-
-
Save gregawoods/67fde88882c00ae11c2ce11d35306647 to your computer and use it in GitHub Desktop.
How to verify the signature of a webhook posted from the Quickbooks Online, in Ruby on Rails.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def create | |
| digest = OpenSSL::Digest.new('sha256') | |
| hmac = OpenSSL::HMAC.digest(digest, ENV['QUICKBOOKS_VERIFIER'], request.body.read) | |
| base64 = Base64.encode64(hmac).strip | |
| if base64 == request.headers['intuit-signature'] | |
| # valid! | |
| render nothing: true, status: 201 | |
| else | |
| # not valid! | |
| render text: 'Invalid signature', status: 400 | |
| end | |
| end |
You saved me many hours of research and testing. Thanks man. Quickbooks docs suck.
Very helpful. Thank you!
Amazing, appreciate this.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The
QUICKBOOKS_VERIFIERvalue is obtained from your Quickbooks developer dashboard.https://developer.intuit.com/docs/0100_accounting/0300_developer_guides/webhooks