https://www.growthbook.io/ logo
#announcements
Title
# announcements
g

gentle-morning-2222

02/09/2023, 8:43 PM
Hello ! Is it possible to get in contact with the "Java expert"? I am having trouble with the encryption for the webhook and I am pretty sure my issue can be solved by someone that had experience setting up webhooks with Java
@fresh-football-47124 hey sorry to bother. Could you tag the Java expert here? Not urgent but if they have some time today, it would be appreciated
f

fresh-football-47124

02/10/2023, 2:44 PM
sure thing
❤️ 1
g

gentle-morning-2222

02/10/2023, 5:59 PM
What is their @ ?
f

fresh-football-47124

02/10/2023, 6:00 PM
@better-magician-65629 she should be able to help you in about an hour or so
g

gentle-morning-2222

02/10/2023, 6:00 PM
Wonderful. Thanks a lot
b

better-magician-65629

02/10/2023, 8:17 PM
hi @gentle-morning-2222 do you mind sharing the following info: • code sample of your implementation • which web framework you're using and the version • the error you're receiving (and which line in the code sample provided it happens at) it'll allow me to narrow down where you may be experiencing the issue. you may find this example implementation in javascript useful. the cryptography would be a similar approach but in java: https://github.com/growthbook/examples/blob/main/webhooks-impl/middleware/authenticateWebHooks.js one of the places where webhook signature verification could go wrong is if you have some kind of middleware layer when getting the request body and it transforms the request body (so it isn't verbatim as was sent). you need the raw request body without it having been processed by any middleware to use for the comparison otherwise the signature verification would fail, even if the crypto stuff is implemented correctly. in express, for example, we need to use the raw body middleware to get access to the body before it is transformed by other middleware. how this is done in java depends on the web framework you're using. also, before doing a signature verification with a time-safe equal compare function, you will need to ensure both strings are the same length as time-safe compare will not allow you to compare strings of different sizes in most libraries. we don't yet have an example implementation in java but this should hopefully help.
you may also find some links in this google search helpful as many companies use this approach for webhook signature verification.
g

gentle-morning-2222

02/10/2023, 8:28 PM
My only concern at the moment is translating this node example in Java. I can never get it to work
Do you have a Java code sample that works?
b

better-magician-65629

02/10/2023, 8:29 PM
at this time we do not have a java example. can you share what you've tried so we can troubleshoot what went wrong with your attempt?
please share the following: • code sample of your implementation • which web framework you're using and the version • the error you're receiving (and which line in the code sample provided it happens at)
g

gentle-morning-2222

02/10/2023, 8:30 PM
I have tried multiple things. I'll send you the code snipet privately
b

better-magician-65629

02/10/2023, 8:30 PM
yeah feel free to DM me, thanks
10 Views