If you experience webhook signature verification failures, it may be due to one of the following reasons:
-
You're using the wrong secret key to verify the signature. For example, you may be attempting to verify using the secret key from a different merchant configuration, or for the wrong environment (sandbox or production).
-
Your server's middleware or framework is modifying the raw request body before you're able to verify.
-
There's an error in your signature generation logic.