验证模拟 PayPal webhook 的签名总是返回“FAILURE”
Posted
技术标签:
【中文标题】验证模拟 PayPal webhook 的签名总是返回“FAILURE”【英文标题】:Verifying simulated PayPal webhook's signature always returns "FAILURE" 【发布时间】:2021-06-25 15:11:29 【问题描述】:我正在尝试使用此文档在我们的应用程序中实现 webhook 调用:https://developer.paypal.com/docs/api/webhooks/v1/,问题是,当我尝试验证 webhook 签名时,它总是返回 FAILURE,我还不能真正在生产环境中测试它.即使我通过文档中的直接 api 调用模拟 webhook 事件,它仍然返回 FAILURE。有没有可能,它只能在真正发生的贝宝事件上返回成功?例如,像真正的生产付款?还是我做错了什么。如果需要,我可以提供更多信息。谢谢。回复如下:
PayPalHttp\HttpResponse #a30c statusCode => 200 result => stdClass #8bf3 | verification_status => "FAILURE" (7) headers => array (6) | "" => "" | Cache-Control => "max-age=0, no-cache, no-store, must-revalidate" (46) | Content-Length => "33" (2) | Content-Type => "application/json" (16) | Date => "Mon, 29 Mar 2021 14" (19) | Paypal-Debug-Id => "e9ff5d6e338e1" (13)
这是旧请求的日志
"path":"/v1/notifications/verify-webhook-signature","body":"transmission_id":"8e327350-9134-11eb-aacd-47b3747d966f","transmission_time":"2021-03 -30T08:47:27Z","cert_url":"https://api.sandbox.paypal.com/v1/notifications/certs/CERT-360caa42-fca2a594-1d93a270","auth_algo":"SHA256withRSA","transmission_sig “:” gFiHAuhJeTRsZm441pbYsxkmO7p3fo / ZRt6hbgKTfAX8ZR29Q6YV38A7cqNloGCpes6ZmoMJ8AOLn8iNMC9zlwyzdaFkQ + VEuEc0E8Hbq8imZ3caky7TlXkKmdZmv5LzL + 2pFH2o4NaLsbeNkBnyEeq / pJUczgLf1u / 5SbA6wytcogLeXAMyqAUxYn35OVo083bVv8ykJ5o0z9pXlsMFjD85gRnci4NbJDQBQVKW9fuX2FUhPceq0eHc1IIxYSYaYAYApPBGp7GOwc3odmahOtHn / hwIbUOupxWEJfiJB / o3lQN5V7F0TvCXPOJLfXrbYKbLD2JRaK4aqIX3BUGrmg ==”, “webhook_id”: “82X68571MD226184L”, “webhook_event”: “ID”: “WH-2WR32451HC0233532-67976317FL4543714”, “CREATE_TIME” :"2014-10-23T17:23:52Z","resource_type":"sale","event_type":"PAYMENT.SALE.COMPLETED","summary":"一笔成功的销售付款为 0.48 美元", "资源":"id":"80021663DE681814L","create_time":"2014-10-23T17:22:56Z","update_time" :"2014-10-23T17:23:04Z","state":"completed","amount":"total":"0.48","currency":"USD","details":"subtotal" :null,"parent_payment":"PAY-1PA12106FU478450MKRETS4A","valid_until":null,"payment_mode":"ECHECK","clearing_time":"2014-10-30T07:00:00Z","protection_eligibility_type":" ITEM_NOT_RECEIVED_ELIGIBLE,UNAUTHORIZED_PAYMENT_ELIGIBLE","protection_eligibility":"ELIGIBLE","links":["href":"https://api.paypal.com/v1/payments/sale/80021663DE681814L","rel":"self" ,"method":"GET","href":"https://api.paypal.com/v1/payments/sale/80021663DE681814L/refund","rel":"refund","method":" POST","href":"https://api.paypal.com/v1/payments/payment/PAY-1PA12106FU478450MKRETS4A","rel":"parent_payment","method":"GET"], "链接":["href":"https://api.paypal.com/v1/notifications/webhooks-events/WH-2WR32451HC0233532-67976317FL4543714","rel":"self","method":"GET ","encType":null,"href":"https://api.paypal.com/v1/notifications/webhooks-events/WH-2WR32451HC0233532-67976317FL4543714/resend","rel":"resend", “方法”: "POST","encType":null],"event_version":"1.0","verb":"POST","headers":"Content-Type":"application/json"
这是一个新请求,由 paypal 沙盒上的订阅 webhook 触发(仍然返回 FAILURE):
"path":"/v1/notifications/verify-webhook-signature","body":"transmission_id":"bafac560-9150-11eb-88b5-5316a049110c","transmission_time":"2021-03 -30T12:09:08Z","cert_url":"https://api.sandbox.paypal.com/v1/notifications/certs/CERT-360caa42-fca2a594-1d93a270","auth_algo":"SHA256withRSA","transmission_sig “:” APlouF6dHqKMP2zUPxRWlvdM1ddLhW / iyNtl705o5Uv0rzfCiXy7lJ + JP + JPHiebW + PnKBPkemd0JtL9muffe97bKbFB3dQvCwr9iLBYHUOWzZkLjZVICrbJt11TrjY / RTjg9kGxc1QTVo8ajfu6he0GGD80lQm3DA / 9WJYvzV2VD1Uj0lDLmrja4Vf7gbEoYcfvKXRegC3rcaz1vxEFgOy5ZbBfcnKDBW97tmfKY32g + uVdJgo0MN9cqmp2fsXmnaix / q3tVfCouP / 9qTnTeuX + kO8ZvzqJ5C / wmwAN6WZVRlZy2lIndXo7pYKVvRM53LAj9koAPE1tkLigVSVUQA == “ ”webhook_id“: ”7KV76897B77655129“, ”webhook_event“: ”ID“:” WH- 4LW999679F247300G-9PC79308E9858631L","create_time":"2021-03-30T12:09:04.942Z","resource_type":"sale","event_type":"PAYMENT.SALE.COMPLETED","summary":"付款完成$ 48.75 USD","resource":"id":"76H86888MM106214H","create_time":"2021-03-30T12:07:43Z","update_time":"2021-03-30 T12:07:43Z","state":"completed","amount":"total":"48.75","currency":"USD","details":"subtotal":"48.75" ,"payment_mode":"INSTANT_TRANSFER","valid_until":null,"transaction_fee":"currency":"USD","value":"1.96","billing_agreement_id":"I-4C7NSCV76GSD","soft_descriptor" :"PAYPAL *JOHNDOESTES","protection_eligibility_type":"ITEM_NOT_RECEIVED_ELIGIBLE,UNAUTHORIZED_PAYMENT_ELIGIBLE","protection_eligibility":"ELIGIBLE","invoice_number":"","links":["href":"https://api.sandbox .paypal.com/v1/payments/sale/76H86888MM106214H","rel":"self","method":"GET","href":"https://api.sandbox.paypal.com/v1 /payments/sale/76H86888MM106214H/refund","rel":"refund","method":"POST"],"links":["href":"https://api.sandbox.paypal. com/v1/notifications/webhooks-events/WH-4LW999679F247300G-9PC79308E9858631L","rel":"self","method":"GET","href":"https://api.sandbox.paypal. com/v1/notifications/webhooks-events/WH-4LW999679F247300G-9PC79308E9858631L/resend","rel":"resend","method":"POST"],"event_version":"1.0","ver b":"POST","headers":"Content-Type":"application/json"
【问题讨论】:
你的请求日志在哪里 更新问题@PrestonPHX 我可以在 *** 以外的地方与您联系吗? @PrestonPHX @PrestonPHX 我再次更新了问题并添加了一个新请求,订阅了 webhook 并支付了触发 webhook 的费用,但它仍然返回 FAILURE 。奇怪... 【参考方案1】:2014-10-23T17:23:52Z
您无法验证 2014 年以来的模拟 Webhook。您只能验证您的特定客户端 ID 最近收到的 Webhook,用于沙盒或实时模式(无论客户端 ID 对应哪个)。
订阅实际的 webhook 事件(在沙盒或实时模式下)以接收它们,然后执行将触发它们的操作,然后在收到后验证它们。
【讨论】:
这很奇怪,我用这个developer.paypal.com/docs/api/webhooks/v1/#simulate-event来模拟事件。所以它必须像沙盒或生产上的真正付款? 正确。模拟的 webhook 是模拟数据,无法通过回发进行验证。以上是关于验证模拟 PayPal webhook 的签名总是返回“FAILURE”的主要内容,如果未能解决你的问题,请参考以下文章
如何在 PHP 中验证 Paypal webhook 签名?
PayPal + RESTful API + WebHooks + 自签名证书