Hey guys, so I am making a Facebook messenger bot using the serverless framework (aws lambda). I would like to verify that the requests are coming from Facebook. Luckily, Facebook sends a hash of the request body with each request which I can use to verify, however, the hash they send along is a hash of the raw request body. I need to access the raw request body in order to generate my own hash and see if they match. Does anybody know how I can get that raw request? Thanks. Happy to provide more details if necessary.

If you’re using Lambda Proxy integration (the default) then you can use event.body to access it.

Ok I see @buggy thanks. For some reason, sometimes the hashes match and other times they do not depending on what sort of data is in the request. Would you have any idea why that is? Here is my code for hash matching:

if (event['headers']['X-Hub-Signature']) {
    var sha     = event['headers']['X-Hub-Signature']
    var body    = event.body
    return sha == `sha1=${crypto.createHmac('sha1', config.APP_SECRET).update(body).digest('hex')}`;
}

Hey @badboy did you manage to work this out? Any ideas why it wasn’t working for you?

Cheers
Liam

Hi @badboy, @liamh
Did you guys find a way to do it?