I couldn’t find any python hmac signature verification example, so here it is:
import hmac
def verify_message(id: str, timestamp: str, signature: str, body: bytes):
message = id.encode() + timestamp.encode() + body
hmac_signature = HMAC_PREFIX + \
hmac.new(APP_SECRET.encode(), message, digestmod='sha256').hexdigest()
return hmac.compare_digest(hmac_signature, signature)
The id, timestamp and signature are simply the headers, all as strings, and the body is the body in bytes. If you have it in bytes just remove the ‘.encode()’