Need to see if your shared folder is taking up space on your dropbox 👨‍💻? Find out how to check here.

Forum Discussion

Davidg315's avatar
Davidg315
Explorer | Level 4
9 years ago

X-Dropbox-Signature not matching

I am currently testing the webhook and am successfully receiving change notifications, however, the X-Dropbox-Signature doesn't match my calculation during message validation.

 

To find a solution I have tried comparing my results to the results using the python code example in the Webhooks tutorial as well as the java example in github.  All three of my generated signatures are the same and they don't match the one in the X-Dropbox-Signature header value.

 

I am using my application's secret key to create the secret key and using hmacSHA256 as the algorithm to encrypt the body of the request.

 

Any help would be much appreciated.  

API

4 Replies

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Community Moderator rankDropbox Community Moderator
    9 years ago

    Hi David, I put together this test based on real values for an app I tried this with:

     

    import hmac

from hashlib import sha256

# copied from App Console: (now revoked, so it's safe to share this as a sample)
APP_SECRET = 'prozr59vkis4454'
print(APP_SECRET)

# received as X-Dropbox-Signature header in a webhook notification:
signature = 'aa2508fb90b757aa382edb0815c7f7df0ce1943c53f28fae96e1dc9eb7f677b1'
print(signature)

# received as body of webhook notification:
body = '{"list_folder": {"accounts": ["dbid:AABL4QRrY7tB9viLgPUqmjkzE6Fe5ujlnlE"]}, "delta": {"users": [22575230]}}'
print(body)

expected_signature = hmac.new(APP_SECRET, body, sha256).hexdigest()
print(expected_signature)

print(hmac.compare_digest(signature, expected_signature))

    That gave me:

     

    prozr59vkis4454
aa2508fb90b757aa382edb0815c7f7df0ce1943c53f28fae96e1dc9eb7f677b1
{"list_folder": {"accounts": ["dbid:AABL4QRrY7tB9viLgPUqmjkzE6Fe5ujlnlE"]}, "delta": {"users": [22575230]}}
aa2508fb90b757aa382edb0815c7f7df0ce1943c53f28fae96e1dc9eb7f677b1
True

     

    The comparison returned True for me, so it appears to be working as expected. 

     

    Please use these values to check your implementation(s). If your implementations produce the same value, then the issue is likely with the input data being supplied to hmac.new. In that case, make sure your web framework is passing along the raw webhook notification body. Any slight change, e.g., even an extra added new line at the end, would change the calculation.)

     

     

  • Davidg315's avatar
    Davidg315
    Explorer | Level 4
    9 years ago

    Thanks.  The code I am using returned the result you got.  So I will review the message body of the request to make sure I am getting a raw result.

  • Davidg315's avatar
    Davidg315
    Explorer | Level 4
    9 years ago

    Greg, thanks for the tip, it works.  The issue was that I was using the Play! Framework and was automatically parsing the body into JSON and then turning it into a string, which eliminated the spaces in the body.  I changed the Action to use a text parser instead of a JSON parser and all worked perfectly.  Thank you so much for the help.

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Community Moderator rankDropbox Community Moderator
    9 years ago
    Excellent, I'm glad to hear this is sorted out. Let us know if you run in to any other issues.

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.

The Dropbox Community team is active from Monday to Friday. We try to respond to you as soon as we can, usually within 2 hours.

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X, Facebook or Instagram.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!