Can't verify Travis webhook signature

I think everything is setup correctly, but the verify check fails.

The code receiving the webhook is here: https://github.com/PuzzledPint/pp-pigpen/blob/master/functions/src/httpsTravisDeploy.ts

Please help!

Thanks!

  • Neal
1 Like

Hey @zyrain did you ever figure this out? I essentially run the same code also running into verification issues. In my case, it works in my own tests but I have a customer sending payloads which do not verify successfully.

If anyone knows how to verify request from Travis Enterprise I would be interested in that too. The docs on verifying webhook requests say

Obtain the public key corresponding to the private key that signed the payload. This is available at the /config endpoint’s config.notifications.webhook.public_key on the relevant API server. (e.g., https://api.travis-ci.com/config)

Would be nice if the docs explain how to figure out the relevant API server? Is it possible to look it up somewhere?

For builds running on https://travis-ci.com, the API server is https://api.travis-ci.com, and for those on https://travis-ci.org, it is https://api.travis-ci.org.

For Enterprise installations, please contact your Enterprise administrator.

1 Like

Thanks for the explanation @BanzaiMan, that helps. Just one question regarding Enterprise can we assume that the endpoint is always under /api as described in the table in the getting started section of the API docs?

Yes. This endpoint should be the same for all Enterprise installations.

1 Like