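/// <summary>
/// Verifies a webhook delivery by recomputing HMAC-SHA256 over the UTF-8 bytes of
/// <paramref name="payload"/> followed by <paramref name="deliveryTimestamp"/> and comparing the
/// Base64 result with the signatures supplied by the sender.
/// </summary>
/// <remarks>
/// Two keys are supported so that a key can be rotated without dropping deliveries: the delivery
/// is accepted when the primary signature matches the primary key OR the secondary signature
/// matches the secondary key.
/// The timestamp is authenticated but its age is not checked here; callers should reject
/// deliveries whose timestamp falls outside an acceptable window to limit replay.
/// Pass the request body exactly as received; a re-serialised body will not verify.
/// </remarks>
/// <param name="deliveryTimestamp">Timestamp value sent with the delivery, appended to the body before hashing.</param>
/// <param name="signaturePrimary">Base64 signature claimed for the primary key; null never matches.</param>
/// <param name="signatureSecondary">Base64 signature claimed for the secondary key; null never matches.</param>
/// <param name="payload">Request body as received.</param>
/// <param name="primaryWebhookKey">Primary shared secret. An empty value never matches.</param>
/// <param name="secondaryWebhookKey">Secondary shared secret. An empty value never matches.</param>
/// <returns><c>true</c> when at least one signature is valid for its key; otherwise <c>false</c>.</returns>
/// <exception cref="ArgumentNullException">A key, the payload or the timestamp is null.</exception>
public static bool VerifyWebhook(string deliveryTimestamp, string signaturePrimary, string signatureSecondary, string payload,
    string primaryWebhookKey, string secondaryWebhookKey)
{
    var primaryKeyBytes = Encoding.UTF8.GetBytes(primaryWebhookKey);
    var secondaryKeyBytes = Encoding.UTF8.GetBytes(secondaryWebhookKey);
    var signedBytes = Encoding.UTF8.GetBytes(payload)
        .Concat(Encoding.UTF8.GetBytes(deliveryTimestamp))
        .ToArray();

    // An empty key is a publicly known key: anyone can compute a valid HMAC under it.
    // Because either signature is enough to pass, an unconfigured ("") key slot must
    // never be allowed to authenticate a delivery.
    bool primaryMatches = primaryKeyBytes.Length > 0
        && ConstantTimeEquals(ComputeWebhookSignature(primaryKeyBytes, signedBytes), signaturePrimary);
    bool secondaryMatches = secondaryKeyBytes.Length > 0
        && ConstantTimeEquals(ComputeWebhookSignature(secondaryKeyBytes, signedBytes), signatureSecondary);

    // Non-short-circuit OR: both checks are always evaluated.
    return primaryMatches | secondaryMatches;
}

/// <summary>Returns the Base64-encoded HMAC-SHA256 of <paramref name="message"/> under <paramref name="keyBytes"/>.</summary>
private static string ComputeWebhookSignature(byte[] keyBytes, byte[] message)
{
    using (var hmac = new HMACSHA256(keyBytes))
    {
        return Convert.ToBase64String(hmac.ComputeHash(message));
    }
}

/// <summary>
/// Ordinal string equality whose running time does not depend on where the first differing
/// character is, so response timing does not reveal how much of a guessed signature is correct.
/// </summary>
/// <remarks>
/// Only the length is allowed to short-circuit; the length of a Base64 HMAC-SHA256 value is not secret.
/// On runtimes that provide it, CryptographicOperations.FixedTimeEquals over the decoded bytes is
/// the library equivalent.
/// </remarks>
[System.Runtime.CompilerServices.MethodImpl(
    System.Runtime.CompilerServices.MethodImplOptions.NoInlining |
    System.Runtime.CompilerServices.MethodImplOptions.NoOptimization)]
private static bool ConstantTimeEquals(string expected, string provided)
{
    if (provided == null || provided.Length != expected.Length)
    {
        return false;
    }

    int difference = 0;
    for (int i = 0; i < expected.Length; i++)
    {
        difference |= expected[i] ^ provided[i];
    }

    return difference == 0;
}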
}