01-18-2022 06:20
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

01-18-2022 06:20
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
Hello!
I am having problems to figure out what I am missing for the verification of the signature in the webhooks.
I am getting the X-Fitbit-Signature header and matching it to the body of the request encrypted with SHA1 with the client-secret+'&' as key and then encoding it in Base64.
I have understood that, but it doesn't even match with the test from https://dev.fitbit.com/build/reference/web-api/developer-guide/best-practices/#Subscriber-Security.
I would appreciate if someone could give me a hand.
Thanks in advance!
Answered! Go to the Best Answer.

- Labels:
-
Subscriptions API
Accepted Solutions
01-19-2022 04:18
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

01-19-2022 04:18
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
The problem I was having is with the JSON body, I didn't remove the spaces and new lines, now it works!

01-19-2022 04:18
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

01-19-2022 04:18
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
The problem I was having is with the JSON body, I didn't remove the spaces and new lines, now it works!

