@mediocretes
Created June 17, 2015 18:22
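How to validate a Chargify webhook payload

# before_filter was removed in Rails 5.1; before_action is the equivalent callback.
before_action :validate_chargify_webhook

def validate_chargify_webhook
  # Signature sent by Chargify: hex HMAC-SHA256 of the raw request body, keyed with the site shared key.
  signature = request.headers["X-Chargify-Webhook-Signature-Hmac-Sha-256"].to_s
  body = request.body.read
  computed_signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("sha256"), YOUR_CHARGIFY_SITE_KEY, body)
  # Compare in constant time so response timing does not reveal how much of the signature matched.
  head :unauthorized unless ActiveSupport::SecurityUtils.secure_compare(signature, computed_signature)
end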
dablurr commented Dec 27, 2019

Great, thank you! Thought I had to create and compare two instances based on the signature sent and the site shared key. This is straightforward. Also, to whoever is using a Hanami controller, you will have to access the headers as follows: request.env['HTTP_X_CHARGIFY']
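
A framework-independent version of the same check, added here as an example (it is not part of the gist or of the comment above): it reads the signature from the Rack env key that the header name maps to, which is what a Hanami or other Rack controller sees, rejects missing or malformed signatures, and compares in constant time. The site key, the payload and the helper names are constructed for illustration.

```ruby
require "openssl"
require "stringio"

# Header name taken from the gist; Rack exposes it under the CGI-style env key.
SIGNATURE_HEADER = "X-Chargify-Webhook-Signature-Hmac-Sha-256"
RACK_SIGNATURE_KEY = "HTTP_" + SIGNATURE_HEADER.upcase.tr("-", "_")

# Constant-time comparison: every byte is examined even after a mismatch.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Returns true only when the header carries a valid HMAC-SHA256 of the raw body.
def valid_chargify_webhook?(env, site_key)
  signature = env[RACK_SIGNATURE_KEY].to_s
  # A SHA-256 hex digest is exactly 64 hex characters; reject anything else early.
  return false unless signature.match?(/\A[0-9a-f]{64}\z/)

  input = env["rack.input"]
  body = input.read.to_s
  input.rewind # leave the body readable for the code that parses it afterwards

  expected = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("sha256"), site_key, body)
  secure_compare(expected, signature)
end

# Constructed sample data (hypothetical key and payload, not real Chargify values).
SAMPLE_KEY = "example-site-shared-key"
SAMPLE_BODY = "id=1&event=signup_success&payload[site][id]=42"

def sample_env(body, signature)
  env = { "rack.input" => StringIO.new(body) }
  env[RACK_SIGNATURE_KEY] = signature unless signature.nil?
  env
end

def sample_signature
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("sha256"), SAMPLE_KEY, SAMPLE_BODY)
end

if __FILE__ == $PROGRAM_NAME
  puts valid_chargify_webhook?(sample_env(SAMPLE_BODY, sample_signature), SAMPLE_KEY)
  puts valid_chargify_webhook?(sample_env(SAMPLE_BODY + "&x=1", sample_signature), SAMPLE_KEY)
  puts valid_chargify_webhook?(sample_env(SAMPLE_BODY, nil), SAMPLE_KEY)
end
```

The HMAC is computed over the raw bytes of the request body, so the check has to run before anything re-serializes or re-encodes the payload.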
