Adobe Cloud Manager API Tutorial Webhook - x-adobe-signature required | Community
Level 2
July 12, 2021
Solved

Having gone through all the Tutorial Steps here (https://www.adobe.io/apis/experiencecloud/cloud-manager/docs.html), and having my Slack webhook App in place, when a Pipeline job runs, it does hit the Webhook, however, in the Response Body, I get this (403) error back:
Error: x-adobe-signature HMAC check failed

Has anyone successfully got Adobe Cloud Manager Pipeline notifications working with Slack?  If so, any ideas would be greatly appreciated.

To be clear, I built the App using Glitch.com per the instructions.  The App is working.  My Slack Webhook is working and installed.  Please do not direct me back to the Documentation... I've already completed the tasks and read the documentation numerous times.  Thanks!


shikhartanwar (Adobe Employee), accepted solution
July 14, 2021

Hi @jasonhampleman: The error that you are encountering is because of a signature mismatch as mentioned in step 2 of the tutorial. However, since you are using Glitch, can you please make sure that the .env file is properly populated, because when you click on "Remix this" it resets the .env file settings. The reset results in a blank CLIENT_SECRET which in turn results in the error - "Error: x-adobe-signature HMAC check failed".

I would advise trying till step 2 with the proper .env file and see if you are still running into the same issue.

Level 2
July 14, 2021
Thank you for getting back to me! I can confirm that my CLIENT_SECRET is correctly entered in the .env file. It matches the Client Secret for my API Event in Console correctly.
Adobe Employee
July 16, 2021

@jasonhampleman Looking at https://glitch.com/edit/#!/candy-gifted-hallway, I believe the problem is in how you commented out the signature verification. You appear to have commented out the injection of the body-parser express middleware. The result of this is that the body is, well, not parsed and thus req.body is undefined.

What you should do instead is to have this minimal piece:

app.use(bodyParser.json());

In other words, the bit to comment out is actually the object passed to bodyParser.json(), which is essentially going back to what is in Step 1 of the tutorial.

 

So if you wanted to leave that code in place, it would look like

app.use(bodyParser.json(/*{
  verify: (req, res, buf, encoding) => {
    const signature = req.header('x-adobe-signature')
    if (signature) {
      const hmac = crypto.createHmac('sha256', process.env.CLIENT_SECRET)
      hmac.update(buf)
      const digest = hmac.digest('base64')

      if (signature !== digest) {
        throw new Error('x-adobe-signature HMAC check failed')
      }
    } else if (!process.env.DEBUG && req.method === 'POST') {
      throw new Error('x-adobe-signature required')
    }
  }
}*/))

As to your original issue, this is a bit of a mystery. I just retested this with a slightly more minimized version of the tutorial code (https://glitch.com/edit/#!/illustrious-peat-candytuf) and was able to check the signature. At the risk of repeating @shikhartanwar, I'd suggest double-checking the value. I did observe that even adding a space at the end of the value in the Glitch UI can cause this. It wouldn't be a bad idea to trim the variable before passing it to crypto.createHmac().
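The failure modes named in the replies above (a blank CLIENT_SECRET after a Glitch remix, a trailing space in the value), shown as an added example that is not the tutorial's or either poster's code. The names `sign`, `checkSignature`, `verifyHook` and `demo` and the sample secret and body are hypothetical and constructed; `crypto.timingSafeEqual` is swapped in for the thread's `!==` comparison.

```javascript
// Added example, not the tutorial's code; function names are hypothetical.
const { createHmac, timingSafeEqual } = require('node:crypto');

// Base64 HMAC-SHA256 over the raw request bytes, the value the thread's
// verify hook compares against the x-adobe-signature header.
function sign(secret, rawBody) {
  return createHmac('sha256', secret).update(rawBody).digest('base64');
}

// Check one request and say why it failed, so a blank or padded secret is
// distinguishable from a body or signature that really does not match.
function checkSignature(headerValue, rawBody, secret) {
  const key = (secret || '').trim(); // drop stray whitespace from the .env value
  if (!key) return { ok: false, reason: 'CLIENT_SECRET is empty' };
  if (!headerValue) return { ok: false, reason: 'x-adobe-signature required' };
  const expected = Buffer.from(sign(key, rawBody));
  const received = Buffer.from(String(headerValue));
  // timingSafeEqual throws on unequal lengths, so test the length first.
  const ok = expected.length === received.length && timingSafeEqual(expected, received);
  return ok ? { ok: true, reason: 'match' }
            : { ok: false, reason: 'x-adobe-signature HMAC check failed' };
}

// Drop-in for body-parser's `verify` option: bodyParser.json({ verify: verifyHook })
function verifyHook(req, res, buf) {
  const signature = req.header('x-adobe-signature');
  // Same exemption as the thread's code: unsigned non-POST or DEBUG requests pass.
  if (!signature && (process.env.DEBUG || req.method !== 'POST')) return;
  const result = checkSignature(signature, buf, process.env.CLIENT_SECRET);
  if (!result.ok) throw new Error(result.reason);
}

// Constructed sample data: a made-up secret and event body.
const SAMPLE_SECRET = 'constructed-secret-value';
const SAMPLE_BODY = Buffer.from('{"event":{"@type":"constructed"}}');
const SAMPLE_SIGNATURE = sign(SAMPLE_SECRET, SAMPLE_BODY);

function demo() {
  return {
    // A trailing space in the secret changes the digest, as reported above.
    paddedSecretSameDigest: sign(SAMPLE_SECRET + ' ', SAMPLE_BODY) === SAMPLE_SIGNATURE,
    paddedSecretAfterTrim: checkSignature(SAMPLE_SIGNATURE, SAMPLE_BODY, SAMPLE_SECRET + ' \n'),
    blankSecret: checkSignature(SAMPLE_SIGNATURE, SAMPLE_BODY, ''),
    changedBody: checkSignature(SAMPLE_SIGNATURE, Buffer.from('{"event":{}}'), SAMPLE_SECRET),
  };
}

console.log(demo());
```

The separate "CLIENT_SECRET is empty" reason makes a reset .env file visible in the 403 response body instead of looking like a bad signature.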

Level 2
July 16, 2021
Hi Justin. My latest webhook is actually here: https://scratch-veiled-oboe.glitch.me/webhook