Skip to content

Instantly share code, notes, and snippets.

@mcdickenson
Created March 4, 2016 22:19
Show Gist options
  • Save mcdickenson/7f84cb8967228ca43cbf to your computer and use it in GitHub Desktop.
Save mcdickenson/7f84cb8967228ca43cbf to your computer and use it in GitHub Desktop.
require 'json'
require 'openssl'
require 'sinatra'
SIFT_WEBHOOK_SECRET_KEY = "#####"
post '/webhook' do
# Let's check whether this webhook actually came from Sift Science!
# First let's grab the signature from the postback's headers
postback_signature = request.env['X-Sift-Science-Signature']
# Next, let's try to assemble the signature on our side to verify
digest = OpenSSL::Digest.new('sha1')
calculated_hmac = OpenSSL::HMAC.hexdigest(digest, SIFT_WEBHOOK_SECRET_KEY, request.body)
verification_signature = "sha1=#{calculated_hmac}"
if verification_signature == postback_signature
puts "success"
else
raise Exception
end
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment