We’ve been integrating the webhooks the last few weeks and so far all incoming requests have been verified successfully using the HMAC in the request header. Strangely enough the “order canceled” webhook can not be verified. I’ve confirmed this by using an external tool like Free HMAC-SHA256 Online Generator Tool | Devglan and even using the Python example from your docs. The HMAC in the request always seems to be different than what we’re computing.
Could someone confirm they’re seeing the same thing?
As the verification uses our API secret I’m not sure if I can share more information.