I want to make this post as I have spent the last day trying to understand why the X-Hub-Signature being sent in the header wasn’t matching the the HMAC signature that I was getting when converting the JSON body and Client Secret from the request.
If you are using Python, MAKE SURE YOU USE SEPARATORS IN THE JSON DUMP BEFORE ENCODING.
Here is the method that worked for me:
def authenticate_intercom_request(self,x_hub_sig):
json_string = json.dumps(self.body, separators=(',', ':'))
hashed = hmac.new(self.secret.encode('utf-8'), json_string.encode('utf-8'), sha1)
return hmac.compare_digest(hashed.hexdigest(), x_hub_sig[5:])
Python by default will add chars in the body that will alter the returned value from Intercom, and without the separators listed above it will always fail.