From 114d12fd721f03b77a460e6de096818c0e114bdb Mon Sep 17 00:00:00 2001
From: John Versus <johnvs.nagendra@gmail.com>
Date: Wed, 26 Jul 2023 14:58:54 +0530
Subject: [PATCH] =?UTF-8?q?streams=20sign=20verification=20fix=20=20?=
 =?UTF-8?q?=F0=9F=A7=91=E2=80=8D=F0=9F=94=A7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docs/02-streams-api/evm/response-body.md    |  4 +--
 docs/02-streams-api/evm/webhook-security.md | 29 +++++++++++++++++++--
 2 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/docs/02-streams-api/evm/response-body.md b/docs/02-streams-api/evm/response-body.md
index 2dd8beae..ea406716 100644
--- a/docs/02-streams-api/evm/response-body.md
+++ b/docs/02-streams-api/evm/response-body.md
@@ -8,7 +8,7 @@ The body contains the data you are interested in. Logs is in array containing ra
 
 ## How to verify the signature for the received webhook request
 
-In JavaScript or python, you can use this function, for other programming languages you can adapt this code. The secret is the web3api key for your account.
+In JavaScript or python, you can use this function, for other programming languages you can adapt this code. The secret key is the streams secret which you can find in [setting](https://admin.moralis.io/settings) page.
 
 import Tabs from '@theme/Tabs';
 import TabItem from '@theme/TabItem';
@@ -37,7 +37,7 @@ def verify_Signature(req, secret):
         raise TypeError("Signature not provided")
     
     data = req.data+secret.encode()
-    signature = Web3.sha3(data).hex()
+    signature = Web3.keccak(text=data.decode()).hex()
     
     if provided_signature != signature: 
         raise ValueError("Invalid Signature")
diff --git a/docs/02-streams-api/evm/webhook-security.md b/docs/02-streams-api/evm/webhook-security.md
index 8354d504..1f52d230 100644
--- a/docs/02-streams-api/evm/webhook-security.md
+++ b/docs/02-streams-api/evm/webhook-security.md
@@ -15,7 +15,13 @@ The signature is sent in the request headers in `headers["x-signature"]` field,
 
 ## How to verify the signature for the received webhook request
 
-In JavaScript you can use this function, for other programming languages you can adapt this code. The secret is the web3api key for your account.
+In JavaScript or python, you can use this function, for other programming languages you can adapt this code. The secret key is the streams secret which you can find in [setting](https://admin.moralis.io/settings) page.
+
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+<Tabs groupId="programming-language">
+  <TabItem value="javascript" label="index.js (JavaScript)" default>
 
 ```javascript
 const verifySignature = (req, secret) => {
@@ -26,4 +32,23 @@ const verifySignature = (req, secret) => {
     if(generatedSignature !== providedSignature) throw new Error("Invalid Signature")
 
 }
-```
\ No newline at end of file
+```
+
+</TabItem>
+<TabItem value="python" label="index.py (Python)">
+
+```python Python
+def verify_Signature(req, secret):
+    provided_signature = req.headers.get("x-signature")
+    if not provided_signature:
+        raise TypeError("Signature not provided")
+    
+    data = req.data+secret.encode()
+    signature = Web3.keccak(text=data.decode()).hex()
+    
+    if provided_signature != signature: 
+        raise ValueError("Invalid Signature")
+```
+
+</TabItem>
+</Tabs>
\ No newline at end of file