validateWebhookSignature function - utils library

razorpay_dart package
documentation
utils.dart
validateWebhookSignature function

validateWebhookSignature function

bool validateWebhookSignature(

String body,
String signature,
String secret

)

Validates the webhook signature.

@param body - The raw request body string. @param signature - The signature from the 'X-Razorpay-Signature' header. @param secret - Your webhook secret. @returns True if the signature is valid, false otherwise.

Implementation

bool validateWebhookSignature(String body, String signature, String secret) {
  if (body.isEmpty || signature.isEmpty || secret.isEmpty) {
    throw ArgumentError(
      'Invalid Parameters: Please provide request body, signature, and secret.',
    );
  }

  final key = utf8.encode(secret);
  final bodyBytes = utf8.encode(body);

  final hmac = Hmac(sha256, key);
  final digest = hmac.convert(bodyBytes);

  final expectedSignature = digest.toString();

  // Constant-time comparison (optional but recommended for security)
  return secureCompare(expectedSignature, signature);
}