Angel Mayr
Angel Mayr8mo ago

whatsapp-trigger - >Error: error validating signature

Hello, I'm encountering issues while attempting to connect my WhatsApp Business account through the WhatsApp Bot node; it is not functioning correctly. Specifically, my primary workspace is displaying the following error: whatsapp-trigger -> error: Error: error validating signature. Here are the steps I followed according to the documentation: First, I created a Token Verification Workspace, setting the token in the 'Token Verification Node' to match the Temporary Access Token provided by Meta. Then, I deployed it. I configured this endpoint in the Callback URL on Meta. Currently, only this workspace is running with a status of 200 and displaying 'Webhook verification successful. 2nd. In a separate workspace, I configured the WhatsApp Bot trigger using the App ID and App Secret. I used the same PATH as in my first workspace; however, it fails to operate correctly, returning an "error validating signature." Additionally, I am encountering an issue where sending a single message to my chatbot on WhatsApp results in multiple log entries. For instance, when I sent the message "Hello guys" on WhatsApp, the LOG section showed 3 or 4 entries for each message Apparently, the same message is sending multiple requests to the webhook, causing the records to duplicate. Also, the records are showing messages that I sent a day ago, so it's not only sending the same message multiple times but also sending previous ones (which is useless). In Meta, I only have "Messages" configured in the webhook fields. I hpe your answers, pls
No description
No description
No description
No description
Solution:
In your workflow, I checked the phonenumber ID in the auto responder was not referenced correctly, I've updated it on your workflow and the node too. Yeah, currently it will log each event we are checking on a solution to match the message id and stop it when a message is not received, as meta does not provide anything to handle this, they do send the the request every second till 15 minutes to check the secure connection. - https://developers.facebook.com/docs/whatsapp/cloud-api/guides/set-up-...
Meta for Developers
Webhooks - Cloud API - Documentation - Meta for Developers
Subscribe Webhooks to get notifications about messages your business receives and customer profile updates.
Jump to solution
20 Replies
Gaurav Chadha
Gaurav Chadha8mo ago
Hi @Angel Mayr, could you please confirm if your verification endpoint is verified on the Meta dashboard?
No description
Angel Mayr
Angel MayrOP8mo ago
Hi @Gaurav Chadha, Yes, I successfully set up the endpoint on the Meta dashboard. In fact, my token verification workflow returned a status of 200. Would you like me to send you my workflow?
No description
Gaurav Chadha
Gaurav Chadha8mo ago
Yes, you can share it via in-app support, we'll take a look. https://docs.buildship.com/support-messages
Support Messages – BuildShip
A unified resource to start building your backend with low-code. Dive into triggers, nodes, and step-by-step guidance to jumpstart your workflow creation.
Angel Mayr
Angel MayrOP8mo ago
"Done! I have shared it with you. I also shared the other workflow yesterday, and I hope you can review it and provide me with your feedback, please. Thanks!"
Gaurav Chadha
Gaurav Chadha8mo ago
Hi @Angel Mayr, Thanks for sharing the workflow copy, I see, you are not using the Trigger with the auto responder node in your workflow, the auto responder node sends the payload to the trigger request each time simultaneously to verify the signature in the request. Could you please try with including the responder node? I would recommend to test with the pre-built template first and then remix.
Angel Mayr
Angel MayrOP8mo ago
Hi, I’ve encountered the issue with setting up the WhatsApp Bot Trigger. The documentation suggests using "App ID" and "App Secret" as keys. However, this setup was unsuccessful in my workflow. Using the phone ID instead resolved the initial problem. Despite this fix, there is a persisting issue with message reception. For instance, I sent 10 test messages yesterday, and the Trigger is still active today; the messages sent earlier continue to appear in Buildship. Moreover, when I send a new message, the chatbot in WhatsApp responds with the previous messages. Additionally, the WhatsApp Bot Trigger logs each event, noting when users receive and read messages. However, the Meta Dev dashboard only displays "messages" configured in the webhook fields. Please help me address these issues. Thank you.
Angel Mayr
Angel MayrOP8mo ago
Could you also review the screenshots of my Meta dashboard and my conversation chat?
No description
No description
Solution
Gaurav Chadha
Gaurav Chadha8mo ago
In your workflow, I checked the phonenumber ID in the auto responder was not referenced correctly, I've updated it on your workflow and the node too. Yeah, currently it will log each event we are checking on a solution to match the message id and stop it when a message is not received, as meta does not provide anything to handle this, they do send the the request every second till 15 minutes to check the secure connection. - https://developers.facebook.com/docs/whatsapp/cloud-api/guides/set-up-webhooks#webhook-delivery-failure.
Meta for Developers
Webhooks - Cloud API - Documentation - Meta for Developers
Subscribe Webhooks to get notifications about messages your business receives and customer profile updates.
ssmedusass
ssmedusass5mo ago
Hey guys I am encountering this same issue
Giovanni Cocco
Giovanni Cocco2w ago
Hi everyone! I'm getting this or the same error, but what's causing it are the words with accents. If I send the same message without accents it works. Can help?
AI Support
AI Support2w ago
AI Support Bot Information
<@495561314802991106> you can react on the relevant answer (message) with a ✅ in this thread when you think it has been solved, by the bot or by a human! Anyone can react on this message with a ❌ if the GPT bot is unhelpful or hallucinating answers. Please note: Team members will review and answer the questions on best efforts basis.
AI Support
AI Support2w ago
AI Response
I'm sorry, but I couldn't locate any specific information in the uploaded files regarding errors caused by words with accents. It might be beneficial to investigate input validation or encoding issues. If the problem persists, please send a support request directly through the BuildShip interface for further assistance.
BuildShip AI Support
Gaurav Chadha
Gaurav Chadha2w ago
Hi @Giovanni Cocco @ssmedusass , we'll test out with different accent and will let you know on the fix. cc @Wimukthi
Giovanni Cocco
Giovanni Cocco2w ago
Thanks @Gaurav Chadha I will wait! Hi @Gaurav Chadha any news about this error?
Gaurav Chadha
Gaurav Chadha2w ago
Hi @Giovanni Cocco could you please try to delete and add the whatsapp trigger again? @Wimukthi will be sharing a fixed/updated copy of your workflow over email.
Giovanni Cocco
Giovanni Cocco5d ago
Ok my workflow is back! Just waiting the fix/updated from WhatsApp trigger! @Gaurav Chadha Any update about this fix? I think the problem is here right? // validate signature function validate_signature(data, hmac_header, accessSecret) { const json_string = JSON.stringify(data); const hmacReceived = hmac_header.replace('sha256=', ''); const digest = crypto.createHmac('sha256', accessSecret).update(json_string).digest('hex'); const resp = crypto.timingSafeEqual(Buffer.from(hmacReceived, 'hex'), Buffer.from(digest, 'hex')); console.log(validate_signature: ${resp}) return resp; } @Gaurav Chadha Solved!
Gaurav Chadha
Gaurav Chadha5d ago
Hi @Giovanni Cocco good to know, could you please share the solution as well? cc @Wimukthi we can update it on the main logic
Wimukthi
Wimukthi5d ago
Thats Great. Feel free to share the solution as well!
Giovanni Cocco
Giovanni Cocco4d ago
Hi guys! cc @Gaurav Chadha @Wimukthi I modified this two lines: const json_string = rawData.normalize('NFC'); // NFC Standardization const rawBody = await parser.text(nodeReq); // Read raw body as string The entire code. Cc @Gaurav Chadha @Wimukthi import parser from "co-body"; import typeis from "type-is"; import crypto from 'crypto'; const mimeTypes = { json: [ "application/json", "application/json-patch+json", "application/vnd.api+json", "application/csp-report", "application/reports+json", "application/scim+json", ], form: ["application/x-www-form-urlencoded"], text: ["text/plain"], xml: ["text/xml", "application/xml"], }; function isTypes(contentTypeValue, types) { if (typeof contentTypeValue === "string") { contentTypeValue = contentTypeValue.replace(/;$/, ""); } return typeis.is(contentTypeValue, types); } function validate_signature(rawData, hmac_header, accessSecret) { const hmacReceived = hmac_header.replace('sha256=', ''); const json_string = rawData.normalize('NFC'); // NFC Standardization const digest = crypto.createHmac('sha256', accessSecret).update(json_string).digest('hex'); const resp = crypto.timingSafeEqual( Buffer.from(hmacReceived, 'hex'), Buffer.from(digest, 'hex') ); console.log(validate_signature: ${resp}); return resp; } async function onExecution({ app_id, accessSecret }, { nodeReq, request, res, logging }) { try { logging.log(onExecution); const rawBody = await parser.text(nodeReq); // Read raw body as string const sig = request.headers['x-hub-signature-256']; logging.log("sig", sig); const valid = validate_signature(rawBody, sig, accessSecret); logging.log("valid", valid); if (!valid) { throw new Error("error validating signature"); } return { request: { headers: request.headers, body: JSON.parse(rawBody), }, output: {} }; } catch (error) { logging.log(error); throw new Error(error: ${error}); } } export default { onCreate: async () => ({ success: true }), onUpdate: async () => ({ success: true }), onExecution };
Wimukthi
Wimukthi4d ago
Thanks @Giovanni Cocco