Xero - beautiful accounting software

Xero Developer Help Center

Xero Developer Community

Community > Wrapper libraries >

Intent Validation on NodeJS

Started by Fernando Karnagi -   in Wrapper libraries

Dear All,

I am trying to get the WebHook setup onto my AWS Lambda written NodeJS. I tried so many times, and still could not get it working.

This is my code https://github.com/fernandokarnagi/xero/blob/master/test.js

Both my signature2 and signature do not match the expected xeroSignature variable.

Anyone can advise?

There are no spaces in your stringified object whereas when I get ITR calls, there's a space between the : and the 0 and before and after the entropy key. The signatures match when I use your code with a JSON string which I had received from the ITR process. I recommend you use request.rawBody so that you avoid parsing anything before you have verified the signature. In the body of real webhook calls there are newlines as well as spaces so JSON.stringify is just not going to cut it.

Your basic idea of using the result of crypto.createHmac("sha256", sharedSecret).update(buf).digest("base64") is sound.

The JSON string that works is as follows (replace the strange square brackets):
'{"events":⦗⦘,"firstEventSequence": 0,"lastEventSequence": 0, "entropy": "PFOQNOOYUREBERSGCXDM"}'

Richard Heylen