In this meeting, the State Changers are dealing with challenges of data validation and encryption while working with webhooks from Stripe on Xano. They discovered that Xano automatically interprets incoming JSON data as an object, complicating the process as they needed to treat it as a string. Some strategies discussed include forcing Xano to not automatically convert the incoming JSON, but the system was found to be too aggressive.
An approach using "none" encoding was tried, but the string could not be concatenated, confirming that a bug exists. As a workaround, they considered using Netlify functions for preprocessing and security, but this requires coding knowledge. The preferred solution is to report the bug to Xano, as they believe it should be fixed due to its importance for security. Regarding HMAC key calculations, they clarified that one needs a binary representation of the HMAC key in Xano's function stack. By using a "hex to bin" filter, they successfully passed a precondition check in their program, moving a step ahead in solving their problem. Finally, they briefly touched upon a question related to programmatically setting the "kid", but due to time constraints, they plan to discuss it in the next meeting. Keywords discussed in the meeting include: Xano, Stripe, Netlify, and HMAC.
(Source: Office Hours 11/28 )
