Securing Twitter Webhook

As mentioned in Twitter Docs Steps to validate a request

Create a hash using your consumer secret and incoming payload body.
Compare created hash with the base64 encoded x-twitter-webhooks-signature value.

Here is my code for doing so:

const buffer = Buffer.from(JSON.stringify(ctx.request.body))
const expectedHash = crypto.createHmac('sha256', TWITTER_CONSUMER_SECRET).update(buffer).digest('base64')

The x-twitter-webhooks-signature header from twitter and the hash generated does not match. Also, the post at https://twittercommunity.com/t/validating-the-webhook-signature-header-in-node-js/102525 says that it's JSON.stringify() issue. I'm using koa and koa-body, how can I fix the hash mismatch?

Solution

Found a solution. Used koa-bodyparser instead of koa-body then sha256 of ctx.request.rawBody matches with the header.

Invalid options object. Dev Server has been initialized using an options object that does not match the API schema
What is the (smallest) setup to allow import to be used by Jest?
How can the default node version be set using NVM?
Uncaught ReferenceError: Buffer is not defined
How to properly delete data from a table and chain the deletion
How do I test a Node.JS Script that is not a module and runs as soon as it's called?
Testing JavaScript Written for the Browser in Node JS
'You are running version ' + process.version + ' of Node.js, which is not supported by Angular CLI v6
Update BigQuery table with an array of objects where some of the values may be null
Using multer diskStorage with Typescript
Error: Could not resolve various Storybook dependencies with Storybook 8 and PNPM
Do global augmentations need to be imported as a side effect in the consumer?
npm ERR! Refusing to delete / code EEXIST
How to allow ':' character in Node.js Express routes (Google custom methods)
nodemon + express, listen port =?
NextAuth: how to return custom errors without redirection
npm publish fails with GitLab NPM registry
How to end server in VSCode after closing terminal window
AWS SDK file upload to S3 via Node/Express using stream PassThrough - file is always corrupt
Github API is responding with a 403 when using Request's request function
Refactor AWS cdk stack into multiple smaller stacks
"React.Children.only expected to receive a single React element child" error when putting <Image> and <TouchableHighlight> in a <View>
Firestore set doc with merge option true or update doc
node:console test is producing TypeError: Console is not a constructor
setState doesn't update the state immediately
Unknown file extension ".ts" for a TypeScript file
Axios delete method
Re-throwing exception in NodeJS and not losing stack trace
Firebase Functions "cannot determine backend specification"
Cant access Firebase Admin SDK via Node.js on my VPS, but I can on my local machine