Does anyone have an example of validating the signature of a webhook? The documentation is very limited. I’ve been able to successfully create the webhooks and am receiving the data, but am struggling with the HMAC validation of the signature.
I’m currently writing this in Golang, but any examples would help.
package bitmovin
import (
"crypto/hmac"
"crypto/sha512"
"encoding/hex"
"os"
)
var SignitureHeader = "Bitmovin-Signature"
func SignatureValidation(payload string, verify string) (bool) {
secret := os.Getenv("BITMOVIN_HOOK_SCERET")
return checkHash(secret, payload, verify)
}
func computeHash(secret []byte, payload []byte) string {
mac := hmac.New(sha512.New, secret)
mac.Write(payload)
hex := hex.EncodeToString(mac.Sum(nil))
return hex
}
func checkHash(secret string, payload string, verify string) bool {
return hmac.Equal([]byte(verify), []byte(computeHash([]byte(secret), []byte(payload))))
}