Webhook Signature Validation Issue Python

I am trying to verify the x-sendbird-signature in a webhook request using python. I have followed the documentation but signature I am generating is different from what I have received via webhook.

Webhook Header
POST /inspect/01f7mzz7ecbqjtb983h25g1rsy HTTP/1.1
requestinspector.com
Accept: /
X-Datadog-Trace-Id: 5337463762656296860
Cf-Request-Id: 0a8ba40da800005229e182e000000001
Content-Type: application/json
X-Datadog-Sampling-Priority: 1
User-Agent: SendBird
Content-Length: 374
Accept-Encoding: gzip
X-Sendbird-Signature: 433d4a0877c86f0faf53a980ce8666bb65b8f308af2cb799eab40bfc72c64c24
X-Signature: 433d4a0877c86f0faf53a980ce8666bb65b8f308af2cb799eab40bfc72c64c24
X-Datadog-Parent-Id: 7172508198697502604
Unicode-Escaped: true

Response Body:
{“category”:“open_channel:create”,“created_at”:1623129257000,“operators”:,“app_id”:“3CF528A5-523E-4E6B-9CA0-749360D6853E”,“channel”:{“is_super”:false,“is_distinct”:false,“name”:“testing-channel2”,“custom_type”:"",“is_ephemeral”:false,“data”:"",“channel_url”:“sendbird_open_channel_11554_8f2c89dae26ef3a19da04a06ec89a4cf98cda99f”,“is_discoverable”:false,“is_public”:false}}

Here is my code
body = {“category”:“open_channel:create”,“created_at”:1623129257000,“operators”:,“app_id”:“3CF528A5-523E-4E6B-9CA0-749360D6853E”,“channel”:{“is_super”:false,“is_distinct”:false,“name”:“testing-channel2”,“custom_type”:"",“is_ephemeral”:false,“data”:"",“channel_url”:“sendbird_open_channel_11554_8f2c89dae26ef3a19da04a06ec89a4cf98cda99f”,“is_discoverable”:false,“is_public”:false}}

def validate_signature(request: Request, body):
key = bytes(api_token, ‘utf-8’)
incoming_signature = request.headers.get(‘x-sendbird-signature’)
signature_to_compare = hmac.new(
key=key,
msg=bytes(str(body).encode(‘utf8’)),
digestmod=hashlib.sha256).hexdigest()

assert incoming_signature == signature_to_compare

incoming_signature = ‘433d4a0877c86f0faf53a980ce8666bb65b8f308af2cb799eab40bfc72c64c24’
signature_to_compare =‘6c9efbdd5db48c90634d6a08cb799f91d40d9bda372ea22602a62f65b0a1b824’

Key : b’19217214545b6393ae767de3454b4f9b2167eed1’

I tried various suggestions but with no help.

Thanks in Advance

Hi @Vijay,

Are you comparing the body as JSON or a string? It’s anticipated that you receive the body as a string, and do not convert it to JSON until after it’s been validated.

@Tyler Thanks for the quick response and help. Issue got resolved.

Glad to hear that! Was the issue that the body was being converted prior to signature validation?

Yeah so I was storing body as a json and while signature generation I was converting it back to string.

Makes sense! Glad it was able to be quickly fixed.