How can we help?

Lightspeed’s Help Centre is here to provide support, tips and troubleshooting

HMAC Tips for Webhooks

Our API guides here go over details on how to verify Webhooks that Lightspeed sends you using HMAC.

https://apidoc.kounta.com/webhooks/#verifying-webhooks

Please note that the algorithm used is SHA256.

One thing to be aware of is that when you are comparing the data payload we are sending you, you must be comparing it in the exact format we send it to you in.

Using a beautify tool or json.stringify or any other conversion process that can change the formatting or clear off escape characters, etc can cause conflicts with the Signature process.

Note that this payload was formatted, resulting in a non-matching signature and HMAC result:

bad.png

 

This one is NOT formatted, and is using the raw payload, and has a matching signature and payload.

correct.png

Was this article helpful?
1 out of 1 found this helpful