Hello @lsr2001 I’m not a django user…more Flask or Bottle…but I know Python I’m comparing your code with mine…and the only thing that pop-up to me is this…
in verify_signature
digest = hmac.new(key, msg=message, digestmod=hashlib.sha256).hexdigest()
File "/usr/lib/python3.8/hmac.py", line 153, in new
return HMAC(key, msg, digestmod)
File "/usr/lib/python3.8/hmac.py", line 88, in __init__
self.update(msg)
File "/usr/lib/python3.8/hmac.py", line 96, in update
self.inner.update(msg)
TypeError: object supporting the buffer API required
Sorry this is not working as expected…had you tried printing out the values to see where the difference is getting created? I mean, I would print message, key and signature, also digest and try to figure out which one is not coming the right way…
I have validated Webhooks on Python, Ruby, Java, Kotlin and PHP…so there’s something sneaky going on here…we’re just not finding it…
The digest which I get using HMAC is completely different then X-Nylas-Signature
I had created the webhook secret from nylas v3 dashboard. Also, the Administration APIs are not working, giving me CORS error. When I tried to fetch webhooks from python sdk getting following error
webhooks = nylas.webhooks.list()
{'request_id': 'ed9da819-cc1d-4031-81bb-171110babc4d', 'data': None}
Traceback (most recent call last):
File "<console>", line 1, in <module>
File "/env/lib/python3.9/site-packages/nylas/resources/webhooks.py", line 45, in list
return super().list(path="/v3/webhooks", response_type=Webhook)
File "/env/lib/python3.9/site-packages/nylas/handler/api_resources.py", line 23, in list
return ListResponse.from_dict(response_json, response_type)
File "/env/lib/python3.9/site-packages/nylas/models/response.py", line 96, in from_dict
for item in resp["data"]:
TypeError: 'NoneType' object is not iterable
please look into this… also if we can connect over call to resolve this issue works for me
I am using the same version nylas==6.3.0
How is the X-Nylas-Signature encoded? Like is there any other value used with WEBHOOK_SECRET something like this as it was in v2 Pass in your base 64 encoded<NYLAS_CLIENT SECRET>: with a colon.
Or
what specific part of request.data is encoded?
Sharing screenshot of webhook for reference. The urls are directly pointing to our app endpoints
Yes challenge validation part is working fine. These webhooks got disabled because it kept on failing due to verify_signature returning False. Since then I didn’t reactivate it, captured all the values for key, message and signature and tried to debug but no help
Well, actually failing to verify_signature shouldn’t be a reason for a webhook to get disabled…you can actually skip verify_signature entirely and just read the webhooks, but it’s a good practice not to, because webhooks can be coming from an unknown source…have you checked the logs on the your V3 Dashboard?
logs say got a non-200 response, 401 status code from the webhook endpoint, please make sure it's up and running
because i’ve returned that code if verify_signature fails
I just need to match digest with signature which is request.headers.get("X-Nylas-Signature")
So if I get what exactly is encoded here the issue would be resolved
cc: @Blag@ram