How to verify Memberstack webhook signatures in Python Flask and validate the requests using the signing secret? Answered

August 03, 2024 04:06
10 comments

Hey guys, I need some help with the verification of a webhook. Im programming an app in python on my backend in a flask app. How do I verify the memberstack webhooks? I keep getting "invalid signature" errors.

Comments

10 comments

Raquel Lopez
- August 03, 2024 04:07
You can check this thread, but the documentation should be updated

https://docs.memberstack.com/hc/en-us/community/posts/27019787107739-Ad-hoc-dashboard

0
Felix Gräf
- August 03, 2024 04:26
Hey, I'm still facing the issue with the invalid signature. Could someone give me an example setup how to verify incoming webhooks? Including the header etc. ? Is the header for webhooks the same as for APIs (X-API-KEY) ?

Thank you!

0
Tyler Bell
- August 03, 2024 04:27
Are you using the npm admin package?

That actually might be the only way to verify webhooks at the moment 🤔

0
Felix Gräf
- August 03, 2024 04:28
Thanks for the quick reply. I tried to find a way to do it on my back end server in python as this would simplify the process of keeping the database up to date. Could you recommend any library or any option to do this? Or is this not an option at all?

Thank you!

0
Tyler Bell
- August 03, 2024 04:29
Felix Gräf

https://www.loom.com/share/7421d4434bed4a7ab648a7171ea56c0b?sid=037efbcb-c8ba-47fd-943c-b6382a2f4243

https://docs.svix.com/receiving/verifying-payloads/how#python-django

0
Felix Gräf
- August 03, 2024 04:31
Thank you so much for your help!

0
Justas Kondratavičius
- February 09, 2025 21:47
Hey, I have a question regarding webhook verification. I successfully receive webhooks to my Laravel backend server. I have my signing secret whsec_°°°°°° . The webhook request that I receive contains headers:
```
Svix-Id msg_: °°°°
Svix-Signature: v1,fQ°°°°°
```
How do I validate the requests using the signing secret?
0
Raquel Lopez
- February 09, 2025 21:49
Uhmm, according to the docs you have to use a node library to validate the webhook... Because you're using Php, you could create a small cloud function based on validate that for you in a node environment or create a full instance of node in your server

Here are the docs, there's an example of how the script would work https://developers.memberstack.com/docs/admin-package/admin-package-node.js#verification

0
Tyler Bell
- February 09, 2025 21:50
Justas Kondratavičius our webhooks are powered by a service called svix.

You can use any of their API's / libraries to verify the webhooks as well.

https://docs.svix.com/receiving/verifying-payloads/how

Looks like they do have a specific PHP option.

0
Justas Kondratavičius
- February 09, 2025 21:52
Thank you very much, the Svix package worked like a charm! 🫶

0

Please sign in to leave a comment.