// Shared HMAC key, read from the environment. `req`, `requestURL` and `crypto`
// come from code outside this snippet.
const secretKey = process.env.SECRET_KEY;
const requestType = 'POST';

// NOTE(review): each value below is a fresh JSON serialization produced on the
// receiving side. If req.query / req.body were already parsed by middleware,
// the resulting text need not match the bytes the sender signed (whitespace,
// key order, number and escape formatting can differ). An HMAC only verifies
// when both sides hash the exact same bytes, so confirm the sender's
// canonical format and, where it signs the raw body, hash the raw body.
const queryParams = JSON.stringify(req.query);
const postBody = JSON.stringify(req.body);
// NOTE(review): req.headers presumably also holds the header that carries the
// received signature, plus values added in transit, which the sender could not
// have included in its own input. Confirm which headers, if any, are signed.
const headers = JSON.stringify(req.headers);

// Hex-encoded HMAC-SHA256 of `payload` under secretKey.
const hmacSha256Hex = (payload) =>
  crypto.createHmac('sha256', secretKey).update(payload).digest('hex');

// Fields shared by both candidate signing strings, in signing order.
const baseFields = [
  `requestURL=${requestURL}`,
  `requestType=${requestType}`,
  `queryParams=${queryParams}`,
  `postBody=${postBody}`,
];

// Candidate 1: signing string that includes the serialized headers.
const stringToHash = [...baseFields, `headers=${headers}`].join('&');
const computedHash = hmacSha256Hex(stringToHash);

// Candidate 2: signing string without the headers.
const stringToHashWithoutHeaders = baseFields.join('&');
const computedHashWithoutHeaders = hmacSha256Hex(stringToHashWithoutHeaders);
// NOTE(review): the comparison with the received hash is not part of this
// snippet; once the format is settled, compare equal-length buffers with
// crypto.timingSafeEqual rather than ===.
In both cases, the computed hash doesn’t match the received hash.
Has anyone encountered a similar issue or can provide guidance on how to properly validate requests in this scenario? Any help or suggestions would be greatly appreciated!