Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
I am currently testing the webhook and am successfully receiving change notifications, however, the X-Dropbox-Signature doesn't match my calculation during message validation.
To find a solution I have tried comparing my results to the results using the python code example in the Webhooks tutorial as well as the java example in github. All three of my generated signatures are the same and they don't match the one in the X-Dropbox-Signature header value.
I am using my application's secret key to create the secret key and using hmacSHA256 as the algorithm to encrypt the body of the request.
Any help would be much appreciated.
Hi David, I put together this test based on real values for an app I tried this with:
import hmac from hashlib import sha256 # copied from App Console: (now revoked, so it's safe to share this as a sample) APP_SECRET = 'prozr59vkis4454' print(APP_SECRET) # received as X-Dropbox-Signature header in a webhook notification: signature = 'aa2508fb90b757aa382edb0815c7f7df0ce1943c53f28fae96e1dc9eb7f677b1' print(signature) # received as body of webhook notification: body = '{"list_folder": {"accounts": ["dbid:AABL4QRrY7tB9viLgPUqmjkzE6Fe5ujlnlE"]}, "delta": {"users": [22575230]}}' print(body) expected_signature = hmac.new(APP_SECRET, body, sha256).hexdigest() print(expected_signature) print(hmac.compare_digest(signature, expected_signature))
That gave me:
prozr59vkis4454 aa2508fb90b757aa382edb0815c7f7df0ce1943c53f28fae96e1dc9eb7f677b1 {"list_folder": {"accounts": ["dbid:AABL4QRrY7tB9viLgPUqmjkzE6Fe5ujlnlE"]}, "delta": {"users": [22575230]}} aa2508fb90b757aa382edb0815c7f7df0ce1943c53f28fae96e1dc9eb7f677b1 True
The comparison returned True for me, so it appears to be working as expected.
Please use these values to check your implementation(s). If your implementations produce the same value, then the issue is likely with the input data being supplied to hmac.new. In that case, make sure your web framework is passing along the raw webhook notification body. Any slight change, e.g., even an extra added new line at the end, would change the calculation.)
Thanks. The code I am using returned the result you got. So I will review the message body of the request to make sure I am getting a raw result.
Greg, thanks for the tip, it works. The issue was that I was using the Play! Framework and was automatically parsing the body into JSON and then turning it into a string, which eliminated the spaces in the body. I changed the Action to use a text parser instead of a JSON parser and all worked perfectly. Thank you so much for the help.
Hi there!
If you need more help you can view your support options (expected response time for a ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!