我正在尝试验证Paypal Webhook数据,但遇到一个问题,该数据总是返回验证状态失败。我想知道是否是因为这都是在沙盒环境中发生的,并且Paypal不允许验证沙盒Webhook事件?我遵循此API文档来实现以下调用:https://developer.paypal.com/docs/api/webhooks/v1/#verify-webhook-signature
相关代码(来自独立的elixir模块):
def call(conn, _opts) do
conn
|> extract_webhook_signature(conn.params)
|> webhook_signature_valid?()
|> # handle the result
end
defp extract_webhook_signature(conn, params) do
%{
auth_algo: get_req_header(conn, "paypal-auth-algo") |> Enum.at(0, ""),
cert_url: get_req_header(conn, "paypal-cert-url") |> Enum.at(0, ""),
transmission_id: get_req_header(conn, "paypal-transmission-id") |> Enum.at(0, ""),
transmission_sig: get_req_header(conn, "paypal-transmission-sig") |> Enum.at(0, ""),
transmission_time: get_req_header(conn, "paypal-transmission-time") |> Enum.at(0, ""),
webhook_id: get_webhook_id(),
webhook_event: params
}
end
def webhook_signature_valid?(signature) do
body = Jason.encode!(signature)
case Request.post("/v1/notifications/verify-webhook-signature", body) do
{:ok, %{verification_status: "SUCCESS"}} -> true
_ -> false
end
end
我从Paypal那里获得了200,这意味着Paypal收到了我的请求,并能够正确地解析它并通过其验证运行它,但是它始终会返回FAILURE作为验证状态,这意味着请求的真实性无法验证。我查看了我发布到其端点的数据,这些数据看起来都是正确的,但是由于某种原因,它没有得到验证。我将发布到API的JSON(从extract_webhook_signature放到Pastebin中,原因是它很大:https://pastebin.com/SYBT7muv
如果有人对此有经验并知道为什么会失败,我很想听听。
答案 0 :(得分:2)
我解决了自己的问题。 Paypal无法规范其Webhook验证请求。当您从Paypal收到POST时,请不要解析请求正文,然后再在验证呼叫中将其发送回给他们。如果您的webhook_event有所不同(即使字段的顺序不同),则该事件将被视为无效,并且您将收到失败消息。您必须阅读原始的POST正文,然后将确切数据发布到webhook_event中的Paypal中。
示例:
如果您收到{"a":1,"b":2}并发回{..., "webhook_event":{"b":2,"a":1}, ...}(请注意json字段与我们收到的内容和我们发回的内容的顺序不同),则您将收到失败消息。您的帖子必须为{..., "webhook_event":{"a":1,"b":2}, ...}
答案 1 :(得分:0)
对于那些为此而苦苦挣扎的人,我想为您提供我的解决方案,其中包括已接受的答案。
开始之前,请确保将 raw_body 存储在您的 conn 中,如 Verifying the webhook - the client side
@verification_url "https://api-m.sandbox.paypal.com/v1/notifications/verify-webhook-signature"
@auth_token_url "https://api-m.sandbox.paypal.com/v1/oauth2/token"
defp get_auth_token do
headers = [
Accept: "application/json",
"Accept-Language": "en_US"
]
client_id = Application.get_env(:my_app, :paypal)[:client_id]
client_secret = Application.get_env(:my_app, :paypal)[:client_secret]
options = [
hackney: [basic_auth: {client_id, client_secret}]
]
body = "grant_type=client_credentials"
case HTTPoison.post(@auth_token_url, body, headers, options) do
{:ok, %HTTPoison.Response{status_code: 200, body: body}} ->
%{"access_token" => access_token} = Jason.decode!(body)
{:ok, access_token}
error ->
Logger.error(inspect(error))
{:error, :no_access_token}
end
end
defp verify_event(conn, auth_token, raw_body) do
headers = [
"Content-Type": "application/json",
Authorization: "Bearer #{auth_token}"
]
body =
%{
transmission_id: get_header(conn, "paypal-transmission-id"),
transmission_time: get_header(conn, "paypal-transmission-time"),
cert_url: get_header(conn, "paypal-cert-url"),
auth_algo: get_header(conn, "paypal-auth-algo"),
transmission_sig: get_header(conn, "paypal-transmission-sig"),
webhook_id: Application.get_env(:papervault, :paypal)[:webhook_id],
webhook_event: "raw_body"
}
|> Jason.encode!()
|> String.replace("\"raw_body\"", raw_body)
with {:ok, %{status_code: 200, body: encoded_body}} <-
HTTPoison.post(@verification_url, body, headers),
{:ok, %{"verification_status" => "SUCCESS"}} <- Jason.decode(encoded_body) do
:ok
else
error ->
Logger.error(inspect(error))
{:error, :not_verified}
end
end
defp get_header(conn, key) do
conn |> get_req_header(key) |> List.first()
end