bKash RPP Webhook Signature Validation

webhookSignatureValidation.py

import base64
import hashlib
import hmac

sig = '' // Signature from the payload header
payl = '' // Webhook payload from the body
key = '' // API Key provided by organization 

def is_valid_signature(signature, payload, api_key):
    signature = base64.urlsafe_b64decode(signature)
    print('Signature:')
    print(signature)
	
    key = base64.urlsafe_b64decode(api_key)
	
    digest = hmac.new(key=key, msg=payload, digestmod=hashlib.sha256).digest()
    print('Digest:')
    print(digest)
	
    return hmac.compare_digest(digest, signature)
    
print(is_valid_signature(sig, payl.encode('utf-8'), key))