I am trying to implement webhook calls into our applications using this documentation : https://developer.paypal.com/docs/api/webhooks/v1/ , the problem is, when I am trying to verify the webhook signature, it always returns FAILURE, I can't really test it on production yet. Even if I simulate the webhook event via the direct api call in the documentation it still returns FAILURE. Is there a possibility, that it can only return SUCCESS on paypal events that really happend ? like a real payment on production for example ? Or am I doing something wrong. I can provide more info if needed. Thanks. Here is the response:
PayPalHttp\HttpResponse #a30c statusCode => 200 result => stdClass #8bf3 | verification_status => "FAILURE" (7) headers => array (6) | "" => "" | Cache-Control => "max-age=0, no-cache, no-store, must-revalidate" (46) | Content-Length => "33" (2) | Content-Type => "application/json" (16) | Date => "Mon, 29 Mar 2021 14" (19) | Paypal-Debug-Id => "e9ff5d6e338e1" (13)
here is a log of the old request
{"path":"/v1/notifications/verify-webhook-signature","body":{"transmission_id":"8e327350-9134-11eb-aacd-47b3747d966f","transmission_time":"2021-03-30T08:47:27Z","cert_url":"https://api.sandbox.paypal.com/v1/notifications/certs/CERT-360caa42-fca2a594-1d93a270","auth_algo":"SHA256withRSA","transmission_sig":"gFiHAuhJeTRsZm441pbYsxkmO7p3fo/ZRt6hbgKTfAX8ZR29Q6YV38A7cqNloGCpes6ZmoMJ8AOLn8iNMC9zlwyzdaFkQ+VEuEc0E8Hbq8imZ3caky7TlXkKmdZmv5LzL+2pFH2o4NaLsbeNkBnyEeq/pJUczgLf1u/5SbA6wytcogLeXAMyqAUxYn35OVo083bVv8ykJ5o0z9pXlsMFjD85gRnci4NbJDQBQVKW9fuX2FUhPceq0eHc1IIxYSYaYAYApPBGp7GOwc3odmahOtHn/hwIbUOupxWEJfiJB/o3lQN5V7F0TvCXPOJLfXrbYKbLD2JRaK4aqIX3BUGrmg==","webhook_id":"82X68571MD226184L","webhook_event":{"id":"WH-2WR32451HC0233532-67976317FL4543714","create_time":"2014-10-23T17:23:52Z","resource_type":"sale","event_type":"PAYMENT.SALE.COMPLETED","summary":"A successful sale payment was made for $ 0.48 USD","resource":{"id":"80021663DE681814L","create_time":"2014-10-23T17:22:56Z","update_time":"2014-10-23T17:23:04Z","state":"completed","amount":{"total":"0.48","currency":"USD","details":{"subtotal":null}},"parent_payment":"PAY-1PA12106FU478450MKRETS4A","valid_until":null,"payment_mode":"ECHECK","clearing_time":"2014-10-30T07:00:00Z","protection_eligibility_type":"ITEM_NOT_RECEIVED_ELIGIBLE,UNAUTHORIZED_PAYMENT_ELIGIBLE","protection_eligibility":"ELIGIBLE","links":[{"href":"https://api.paypal.com/v1/payments/sale/80021663DE681814L","rel":"self","method":"GET"},{"href":"https://api.paypal.com/v1/payments/sale/80021663DE681814L/refund","rel":"refund","method":"POST"},{"href":"https://api.paypal.com/v1/payments/payment/PAY-1PA12106FU478450MKRETS4A","rel":"parent_payment","method":"GET"}]},"links":[{"href":"https://api.paypal.com/v1/notifications/webhooks-events/WH-2WR32451HC0233532-67976317FL4543714","rel":"self","method":"GET","encType":null},{"href":"https://api.paypal.com/v1/notifications/webhooks-events/WH-2WR32451HC0233532-67976317FL4543714/resend","rel":"resend","method":"POST","encType":null}],"event_version":"1.0"}},"verb":"POST","headers":{"Content-Type":"application/json"}}
This is a new request, triggered by subscribed webhook on paypal sandbox (still returns FAILURE):
{"path":"/v1/notifications/verify-webhook-signature","body":{"transmission_id":"bafac560-9150-11eb-88b5-5316a049110c","transmission_time":"2021-03-30T12:09:08Z","cert_url":"https://api.sandbox.paypal.com/v1/notifications/certs/CERT-360caa42-fca2a594-1d93a270","auth_algo":"SHA256withRSA","transmission_sig":"APlouF6dHqKMP2zUPxRWlvdM1ddLhW/iyNtl705o5Uv0rzfCiXy7lJ+jP+JPHiebW+PnKBPkemd0JtL9muffe97bKbFB3dQvCwr9iLBYHUOWzZkLjZVICrbJt11TrjY/RTjg9kGxc1QTVo8ajfu6he0GGD80lQm3DA/9WJYvzV2VD1Uj0lDLmrja4Vf7gbEoYcfvKXRegC3rcaz1vxEFgOy5ZbBfcnKDBW97tmfKY32g+uVdJgo0MN9cqmp2fsXmnaix/q3tVfCouP/9qTnTeuX+kO8ZvzqJ5C/wmwAN6WZVRlZy2lIndXo7pYKVvRM53LAj9koAPE1tkLigVSVUQA==","webhook_id":"7KV76897B77655129","webhook_event":{"id":"WH-4LW999679F247300G-9PC79308E9858631L","create_time":"2021-03-30T12:09:04.942Z","resource_type":"sale","event_type":"PAYMENT.SALE.COMPLETED","summary":"Payment completed for $ 48.75 USD","resource":{"id":"76H86888MM106214H","create_time":"2021-03-30T12:07:43Z","update_time":"2021-03-30T12:07:43Z","state":"completed","amount":{"total":"48.75","currency":"USD","details":{"subtotal":"48.75"}},"payment_mode":"INSTANT_TRANSFER","valid_until":null,"transaction_fee":{"currency":"USD","value":"1.96"},"billing_agreement_id":"I-4C7NSCV76GSD","soft_descriptor":"PAYPAL *JOHNDOESTES","protection_eligibility_type":"ITEM_NOT_RECEIVED_ELIGIBLE,UNAUTHORIZED_PAYMENT_ELIGIBLE","protection_eligibility":"ELIGIBLE","invoice_number":"","links":[{"href":"https://api.sandbox.paypal.com/v1/payments/sale/76H86888MM106214H","rel":"self","method":"GET"},{"href":"https://api.sandbox.paypal.com/v1/payments/sale/76H86888MM106214H/refund","rel":"refund","method":"POST"}]},"links":[{"href":"https://api.sandbox.paypal.com/v1/notifications/webhooks-events/WH-4LW999679F247300G-9PC79308E9858631L","rel":"self","method":"GET"},{"href":"https://api.sandbox.paypal.com/v1/notifications/webhooks-events/WH-4LW999679F247300G-9PC79308E9858631L/resend","rel":"resend","method":"POST"}],"event_version":"1.0"}},"verb":"POST","headers":{"Content-Type":"application/json"}}
2014-10-23T17:23:52Z
You cannot verify a simulated webhook from 2014. You can only verify recent webhooks your particular client-id has received, for sandbox or live modes (whichever the client-id corresponds to).
Subscribe to actual webhook events (in sandbox or live modes) in order to receive them, then perform the action that will trigger them, then verify them once received.