Skip to content

Instantly share code, notes, and snippets.

@gregawoods
Last active December 3, 2023 01:51
Show Gist options
  • Select an option

  • Save gregawoods/67fde88882c00ae11c2ce11d35306647 to your computer and use it in GitHub Desktop.

Select an option

Save gregawoods/67fde88882c00ae11c2ce11d35306647 to your computer and use it in GitHub Desktop.
How to verify the signature of a webhook posted from the Quickbooks Online, in Ruby on Rails.
def create
digest = OpenSSL::Digest.new('sha256')
hmac = OpenSSL::HMAC.digest(digest, ENV['QUICKBOOKS_VERIFIER'], request.body.read)
base64 = Base64.encode64(hmac).strip
if base64 == request.headers['intuit-signature']
# valid!
render nothing: true, status: 201
else
# not valid!
render text: 'Invalid signature', status: 400
end
end
@gregawoods

Copy link
Copy Markdown
Author

The QUICKBOOKS_VERIFIER value is obtained from your Quickbooks developer dashboard.

https://developer.intuit.com/docs/0100_accounting/0300_developer_guides/webhooks

@Shinta

Shinta commented Apr 16, 2019

Copy link
Copy Markdown

You saved me many hours of research and testing. Thanks man. Quickbooks docs suck.

@phil-lauffenburger

Copy link
Copy Markdown

Very helpful. Thank you!

@jaridnft

jaridnft commented Dec 3, 2023

Copy link
Copy Markdown

Amazing, appreciate this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment