[Solved] Consider this Python code snippet verifying a webhook signature:import hmac import hashlib secret = b'mysecret' payload = b'payload data' header_sig =... | Rest API

Rest API - Webhooks and Events

Consider this Python code snippet verifying a webhook signature:

import hmac
import hashlib

secret = b'mysecret'
payload = b'payload data'
header_sig = 'a3f5c2d4e6b7f8a9c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f5a6b7c8d9e0f1a2b3'

computed_sig = hmac.new(secret, payload, hashlib.sha256).hexdigest()

if hmac.compare_digest(computed_sig, header_sig):
    print('Valid signature')
else:
    print('Invalid signature')

What will be printed if the computed signature matches the header signature?

AAn exception is raised

BInvalid signature

CValid signature

DNo output

Step-by-Step Solution

Solution:

Step 1: Compute HMAC
The computed_sig variable holds the hex digest of the HMAC SHA256 of the payload using the secret.
Step 2: Compare signatures
hmac.compare_digest() securely compares the computed signature with the header signature.
Step 3: Conditional output
If signatures match, the code prints 'Valid signature'. Otherwise, it prints 'Invalid signature'.
Final Answer:
Valid signature -> Option C
Quick Check:
Matching signatures print 'Valid signature' [OK]

Quick Trick: Matching signatures print 'Valid signature' [OK]

Common Mistakes:

MISTAKES

Using == instead of compare_digest for comparison
Not calling hexdigest() on HMAC object
Confusing payload and secret bytes
Assuming no output on match

Master "Webhooks and Events" in Rest API

9 interactive learning modes - each teaches the same concept differently

Learn Why Deep Visual Try Challenge Project Recall Time

More Rest API Quizzes

Consider this Python code snippet verifying a webhook signature:

Step 1: Compute HMAC

Step 2: Compare signatures

Step 3: Conditional output

Final Answer:

Quick Check:

Want More Practice?