验证模拟 PayPal webhook 的签名总是返回“FAILURE”

Posted 2023-02-22

【中文标题】验证模拟 PayPal webhook 的签名总是返回“FAILURE”

【英文标题】：Verifying simulated PayPal webhook's signature always returns "FAILURE"

【发布时间】：2021-06-25 15:11:29

【问题描述】：

我正在尝试使用此文档在我们的应用程序中实现 webhook 调用：https://developer.paypal.com/docs/api/webhooks/v1/，问题是，当我尝试验证 webhook 签名时，它总是返回 FAILURE，我还不能真正在生产环境中测试它.即使我通过文档中的直接 api 调用模拟 webhook 事件，它仍然返回 FAILURE。有没有可能，它只能在真正发生的贝宝事件上返回成功？例如，像真正的生产付款？还是我做错了什么。如果需要，我可以提供更多信息。谢谢。回复如下：

PayPalHttp\HttpResponse #a30c statusCode => 200 result => stdClass #8bf3 |  verification_status => "FAILURE" (7) headers => array (6) |  "" => "" |  Cache-Control => "max-age=0, no-cache, no-store, must-revalidate" (46) |  Content-Length => "33" (2) |  Content-Type => "application/json" (16) |  Date => "Mon, 29 Mar 2021 14" (19) |  Paypal-Debug-Id => "e9ff5d6e338e1" (13)

这是旧请求的日志

"path":"/v1/notifications/verify-webhook-signature","body":"transmission_id":"8e327350-9134-11eb-aacd-47b3747d966f","transmission_time":"2021-03 -30T08:47:27Z","cert_url":"https://api.sandbox.paypal.com/v1/notifications/certs/CERT-360caa42-fca2a594-1d93a270","auth_algo":"SHA256withRSA","transmission_sig “：” gFiHAuhJeTRsZm441pbYsxkmO7p3fo / ZRt6hbgKTfAX8ZR29Q6YV38A7cqNloGCpes6ZmoMJ8AOLn8iNMC9zlwyzdaFkQ + VEuEc0E8Hbq8imZ3caky7TlXkKmdZmv5LzL + 2pFH2o4NaLsbeNkBnyEeq / pJUczgLf1u / 5SbA6wytcogLeXAMyqAUxYn35OVo083bVv8ykJ5o0z9pXlsMFjD85gRnci4NbJDQBQVKW9fuX2FUhPceq0eHc1IIxYSYaYAYApPBGp7GOwc3odmahOtHn / hwIbUOupxWEJfiJB / o3lQN5V7F0TvCXPOJLfXrbYKbLD2JRaK4aqIX3BUGrmg ==”， “webhook_id”： “82X68571MD226184L”， “webhook_event”： “ID”： “WH-2WR32451HC0233532-67976317FL4543714”， “CREATE_TIME” :"2014-10-23T17:23:52Z","re​​source_type":"sale","event_type":"PAYMENT.SALE.COMPLETED","summary":"一笔成功的销售付款为 0.48 美元", "资源":"id":"80021663DE681814L","create_time":"2014-10-23T17:22:56Z","update_time" :"2014-10-23T17:23:04Z","state":"completed","amount":"total":"0.48","currency":"USD","details":"subtotal" :null,"parent_payment":"PAY-1PA12106FU478450MKRETS4A","valid_until":null,"payment_mode":"ECHECK","clearing_time":"2014-10-30T07:00:00Z","protection_eligibility_type":" ITEM_NOT_RECEIVED_ELIGIBLE,UNAUTHORIZED_PAYMENT_ELIGIBLE","protection_eligibility":"ELIGIBLE","links":["href":"https://api.paypal.com/v1/payments/sale/80021663DE681814L","re​​l":"self" ,"method":"GET","href":"https://api.paypal.com/v1/payments/sale/80021663DE681814L/refund","re​​l":"refund","method":" POST","href":"https://api.paypal.com/v1/payments/payment/PAY-1PA12106FU478450MKRETS4A","re​​l":"parent_payment","method":"GET"], "链接":["href":"https://api.paypal.com/v1/notifications/webhooks-events/WH-2WR32451HC0233532-67976317FL4543714","re​​l":"self","method":"GET ","encType":null,"href":"https://api.paypal.com/v1/notifications/webhooks-events/WH-2WR32451HC0233532-67976317FL4543714/resend","re​​l":"resend", “方法”： "POST","encType":null],"event_version":"1.0","verb":"POST","headers":"Content-Type":"application/json"

这是一个新请求，由 paypal 沙盒上的订阅 webhook 触发（仍然返回 FAILURE）：

"path":"/v1/notifications/verify-webhook-signature","body":"transmission_id":"bafac560-9150-11eb-88b5-5316a049110c","transmission_time":"2021-03 -30T12:09:08Z","cert_url":"https://api.sandbox.paypal.com/v1/notifications/certs/CERT-360caa42-fca2a594-1d93a270","auth_algo":"SHA256withRSA","transmission_sig “：” APlouF6dHqKMP2zUPxRWlvdM1ddLhW / iyNtl705o5Uv0rzfCiXy7lJ + JP + JPHiebW + PnKBPkemd0JtL9muffe97bKbFB3dQvCwr9iLBYHUOWzZkLjZVICrbJt11TrjY / RTjg9kGxc1QTVo8ajfu6he0GGD80lQm3DA / 9WJYvzV2VD1Uj0lDLmrja4Vf7gbEoYcfvKXRegC3rcaz1vxEFgOy5ZbBfcnKDBW97tmfKY32g + uVdJgo0MN9cqmp2fsXmnaix / q3tVfCouP / 9qTnTeuX + kO8ZvzqJ5C / wmwAN6WZVRlZy2lIndXo7pYKVvRM53LAj9koAPE1tkLigVSVUQA == “ ”webhook_id“： ”7KV76897B77655129“， ”webhook_event“： ”ID“：” WH- 4LW999679F247300G-9PC79308E9858631L","create_time":"2021-03-30T12:09:04.942Z","re​​source_type":"sale","event_type":"PAYMENT.SALE.COMPLETED","summary":"付款完成$ 48.75 USD","re​​source":"id":"76H86888MM106214H","create_time":"2021-03-30T12:07:43Z","update_time":"2021-03-30 T12:07:43Z","state":"completed","amount":"total":"48.75","currency":"USD","details":"subtotal":"48.75" ,"payment_mode":"INSTANT_TRANSFER","valid_until":null,"transaction_fee":"currency":"USD","value":"1.96","billing_agreement_id":"I-4C7NSCV76GSD","soft_descriptor" :"PAYPAL *JOHNDOESTES","protection_eligibility_type":"ITEM_NOT_RECEIVED_ELIGIBLE,UNAUTHORIZED_PAYMENT_ELIGIBLE","protection_eligibility":"ELIGIBLE","invoice_number":"","links":["href":"https://api.sandbox .paypal.com/v1/payments/sale/76H86888MM106214H","re​​l":"self","method":"GET","href":"https://api.sandbox.paypal.com/v1 /payments/sale/76H86888MM106214H/refund","re​​l":"refund","method":"POST"],"links":["href":"https://api.sandbox.paypal. com/v1/notifications/webhooks-events/WH-4LW999679F247300G-9PC79308E9858631L","re​​l":"self","method":"GET","href":"https://api.sandbox.paypal. com/v1/notifications/webhooks-events/WH-4LW999679F247300G-9PC79308E9858631L/resend","re​​l":"resend","method":"POST"],"event_version":"1.0","ver b":"POST","headers":"Content-Type":"application/json"

【问题讨论】：

你的请求日志在哪里

更新问题@PrestonPHX

我可以在 *** 以外的地方与您联系吗？ @PrestonPHX

@PrestonPHX 我再次更新了问题并添加了一个新请求，订阅了 webhook 并支付了触发 webhook 的费用，但它仍然返回 FAILURE 。奇怪...

【参考方案1】：

2014-10-23T17:23:52Z

您无法验证 2014 年以来的模拟 Webhook。您只能验证您的特定客户端 ID 最近收到的 Webhook，用于沙盒或实时模式（无论客户端 ID 对应哪个）。

订阅实际的 webhook 事件（在沙盒或实时模式下）以接收它们，然后执行将触发它们的操作，然后在收到后验证它们。

【讨论】：

这很奇怪，我用这个developer.paypal.com/docs/api/webhooks/v1/#simulate-event来模拟事件。所以它必须像沙盒或生产上的真正付款？

正确。模拟的 webhook 是模拟数据，无法通过回发进行验证。