I’m trying to ensure that the data I receive as a webhook comes from hubspot.
The documentation has pretty clear steps to check that, using sha256, the app’s secret id, and the request’s body.
But it doesn’t seem to work for me, the result doesn’t match the
Here’s an example of my code (I tried different variants), in ruby on rails:
base = <my secret> + request.body.to_s hashed = Digest::SHA2.hexdigest(base) puts hashed == request.headers['X-Hubspot-Signature'] # this is false
I copy-pasted the secret from
The hashed value is on the same format than the header (hexadecimal with the same length), it just isn’t the same.
Is there anything I missed?