On the off chance anyone else is wrestling with this, while I know how Ghost calculates the hash based on a secret to be passed via webhook header, and I’m using the same algorithm, I still can’t get it to match up with the hash being passed in the X-Ghost-Signature webhook header. crypto.createHma…

The signature includes a timestamp, you’ll need to strip it: [image] Issue Title: Unable to Verify Ghost Event Using Webhook Using Ghost You can set a webhook secret. Here’s how the secret is generated (tldr: hmac of the request payload signed with the shared …

Calculating sha256 for Ghost webhook

Developer help

vikaspotluri123 January 25, 2024, 3:32am 2

The signature includes a timestamp, you’ll need to strip it:

Topic		Replies	Views
Webhook signature mismatch - secret and body checked Bugs	3	87	February 26, 2025
Issue Title: Unable to Verify Ghost Event Using Webhook Using Ghost	17	941	December 12, 2024
Is there any way to add custom header to webhooks? Integrations & API	4	920	December 19, 2024
Wehbook validation, in phython Using Ghost	2	98	August 25, 2024
How to check signature of ghost-members-ssr cookie in js Memberships & subscriptions	4	390	March 7, 2024

Calculating sha256 for Ghost webhook

Related topics