verify_webhook_signature
Validate webhook authenticity from Infini Payment by checking signatures against provided body, timestamp, and secret to ensure secure transaction processing.
Instructions
Verify webhook signature from Infini.
Args:
body: Raw webhook body string
signature: Signature from webhook header
timestamp: Timestamp from webhook header
webhook_secret: Webhook secret (uses INFINI_SECRET_KEY if not provided)Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| body | Yes | ||
| signature | Yes | ||
| timestamp | Yes | ||
| webhook_secret | No |
Implementation Reference
- server.py:267-310 (handler)The handler function for the 'verify_webhook_signature' tool, registered via @mcp.tool() decorator. It verifies Infini webhook signatures by recomputing HMAC-SHA256 of timestamp + raw body using the secret and comparing it to the provided signature.
@mcp.tool() def verify_webhook_signature( body: str, signature: str, timestamp: str, webhook_secret: Optional[str] = None ) -> str: """ Verify webhook signature from Infini. Args: body: Raw webhook body string signature: Signature from webhook header timestamp: Timestamp from webhook header webhook_secret: Webhook secret (uses INFINI_SECRET_KEY if not provided) """ if not webhook_secret: webhook_secret = INFINI_SECRET_KEY if not webhook_secret: return "Error: No webhook secret available" try: # Create signing string: timestamp + body signing_string = f"{timestamp}{body}" # Calculate expected signature expected_signature = base64.b64encode( hmac.new( webhook_secret.encode(), signing_string.encode(), hashlib.sha256 ).digest() ).decode() # Compare signatures if hmac.compare_digest(signature, expected_signature): return "Webhook signature verified successfully" else: return "Webhook signature verification failed" except Exception as e: return f"Error verifying webhook: {str(e)}"