How to validate the signature from SG Webhook?

I’m trying to add a secret token to the webhooks but I’m not able to generate a valid signature following the documentation here:


body, _ := ioutil.ReadAll(req.Body)
fmt.Println(GetSignature(string(body), "mytoken"))

func GetSignature(input, key string) string {
	key_for_sign := []byte(key)
	h := hmac.New(sha1.New, key_for_sign)
	return hex.EncodeToString(h.Sum(nil))
1 Like

Hey @guilherme.giacchetto—sorry we missed your question. Moving it over to the #webhooks to get the right eyes on it.

Hi @guilherme.giacchetto,

What’s the difference between req.Body and body once it has gone through ioutil.ReadAll?

All the bytes in the same order need to be used in the signing process. Some clients have had issues in the pas with the body payload being parsed by a library or it’s data being reordered (because the body would be parsed and then re-serialized to text in a different order). Some have also encountered issues because of extra whitespace.