Expand my Community achievements bar.

SOLVED

Adobe Cloud Manager API Tutorial Webhook - x-adobe-signature required

Avatar

Level 2

Having gone through all the Tutorial Steps here (https://www.adobe.io/apis/experiencecloud/cloud-manager/docs.html), and having my Slack webhook App in place, when a Pipeline job runs, it does hit the Webhook, however, in the Response Body, I get this (403) error back:
Error: x-adobe-signature HMAC check failed

Has anyone successfully got Adobe Cloud Manager Pipeline notifications working with Slack?  If so, any ideas would be greatly appreciated.

To be clear, I built the App using Glitch.com per the instructions.  The App is working.  My Slack Webhook is working and installed.  Please do not direct me back to the Documentation... I've already completed the tasks and read the documentation numerous times.  Thanks!

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

1 Accepted Solution

Avatar

Correct answer by
Employee

Hi @jasonhampleman: The error that you are encountering is because of a signature mismatch as mentioned in step 2 of the tutorial. However, since you are using Glitch, can you please make sure that the .env file is properly populated, because when you click on "Remix this" it resets the .env file settings. The reset results in a blank CLIENT_SECRET which inturn results into the error - "Error: x-adobe-signature HMAC check failed".

I would advise trying till step 2 with the proper .env file and see if you are still running into the same issue.

View solution in original post

18 Replies

Avatar

Correct answer by
Employee

Hi @jasonhampleman: The error that you are encountering is because of a signature mismatch as mentioned in step 2 of the tutorial. However, since you are using Glitch, can you please make sure that the .env file is properly populated, because when you click on "Remix this" it resets the .env file settings. The reset results in a blank CLIENT_SECRET which inturn results into the error - "Error: x-adobe-signature HMAC check failed".

I would advise trying till step 2 with the proper .env file and see if you are still running into the same issue.

Avatar

Level 2
Thank you for getting back to me! I can confirm that my CLIENT_SECRET is correctly entered in the .env file. It matches the Client Secret for my API Event in Console correctly.

Avatar

Employee

If the CLIENT_SECRET is correctly configured, then can you add some logs here and see what exactly is going wrong. I am unable to reproduce the issue on my end. You can see the logs in Glitch by clicking on Tools > Logs.

As a last resort, can you try and uncomment the signature verification part to see if we can circumvent this problem. Even though this is not recommended, but this will help us pinpoint where things are going wrong.

Avatar

Level 2

Screenshot at Jul 15 10-36-10.pngThanks again for the help. I commented out the Signature Verification portion of the JS in Glitch (index.js file). The Pipeline is hitting my webhook URL as it completes jobs. I now get a 200 success with each (not a 403), however, the Response Body only says "pong" and I get no notifications in Slack. For reference, when I use Curl to hit my Slack App, it works.

Log says:

TypeError: Cannot read property 'event' of undefined
at app.post (index.js:119:26)

Line 119 is:
const event = req.body.event

I've included a screen of .env variables (do not reveal the actual vars) to see if those are okay.

Avatar

Employee

I am not sure what's going wrong at your end. Could you please check what you are getting in the Debug Tracing tab of your console integration (created in step 0).

 

The tutorial has been coded to respond with a simple "pong" message for every event delivered to the webhook, so I don't see any issue here.

however, the Response Body only says "pong" and I get no notifications in Slack


 

I think debug tracing will really help in understanding what is really going on with your integration.

TypeError: Cannot read property 'event' of undefined
at app.post (index.js:119:26)
Line 119 is:
const event = req.body.event


For example, this is what I see for in the "Debug Tracing" tab of my test integration -

request.png

response.png

Avatar

Level 2

Thank you. I've attached my debug results as well. While they are similar to yours and I am getting a 200, it appears that much of the Header information in yours is not being sent in mine. I assume that you are connecting to a Slack App and getting a message there correctly in your test?

 

Screenshot at Jul 16 07-38-03.png

Avatar

Employee

When I posted my debug results, I included a snapshot of both the request and response tabs (see below for a better image). That's where you see the difference of headers. But looking at your traces, it seems that the events are being delivered just fine. 

Regarding the slack integration, I did not test that, but I believe it should work.

 

debug-tracing.jpg

Avatar

Level 2

I really don't know what to do from here! A summary of where I'm at:

In Glitch logs, I get this error:

 

TypeError: Cannot read property '@type' of undefined at app.post (/app/index.js:119:24)

line 119 is: if (STARTED === event['@type'] &&

 

I get no Slack message.

 

What I know is working:

1. My Webhook is active (green) in Adobe Console

2. I get 200 Success.

3. Pipeline updates successfully trigger my Event in console

4. My Slack App is live and working. I can trigger it with a CURL call.

5. My Credentials are included correctly in the .env file in Glitch. I've built this multiple times now with the same result. I used the Step 7 with Slack "Remix This" option and then made sure to add my env vars.

 

I'm running out of ideas.

Avatar

Employee

@jasonhamplemanLooking at https://glitch.com/edit/#!/candy-gifted-hallway, I believe the problem is in how you commented out the signature verification. You appear to have commented out the injection of the body-parser express middleware. The result of this is that the body is, well, not parsed and thus req.body is undefined.

What you should do instead is to have this minimal piece:

 

 

app.use(bodyParser.json());

 

 

In other words, the bit to comment out is actually the object passed to bodyParser.json().Which is essentially going back to what is in Step 1 of the tutorial.

 

So if you wanted to leave that code in place, it would look like

 

 

app.use(bodyParser.json(/*{
  verify: (req, res, buf, encoding) => {
    const signature = req.header('x-adobe-signature')
    if (signature) {
      const hmac = crypto.createHmac('sha256', process.env.CLIENT_SECRET)
      hmac.update(buf)
      const digest = hmac.digest('base64')

      if (signature !== digest) {
        throw new Error('x-adobe-signature HMAC check failed')
      }
    } else if (!process.env.DEBUG && req.method === 'POST') {
      throw new Error('x-adobe-signature required')
    }
  }
}*/))

 

 

As to your original issue, this is a bit of a mystery. I just retested this with a slightly more minimized version of the tutorial code (https://glitch.com/edit/#!/illustrious-peat-candytuf) and was able to check the signature. At the risk of repeating @shikhartanwar , I'd suggest doublechecking the value. I did observe that even adding a space at the end of the value in the Glitch UI can cause this. It wouldn't be a bad idea to trim the variable before passing it to crypto.createHmac().

Avatar

Employee
Ah, OK. So you were able to get the challenge working. The only thing I can suggest at this point would be to log the body. Take a look at lines 117 to 120 of https://glitch.com/edit/#!/easy-melted-dust.

Avatar

Employee
Actually, I might know the reason. Did you select the "Batch" Delivery Style?

Avatar

Level 2
I did in fact select "batch". Shall I pick the other option and retry?

Avatar

Employee
Yes, this code only works with the Single style. I'll update the documentation to reflect this. When you use the Batch style, the body of the POST request is an array, not an object. So if you want to use that style, you'd iterate through the array and process each event. Not a ton more code, but outside the scope of the tutorial.

Avatar

Level 2
Wow! I think that was it. Thank you for the keen eye! I just got my first Slack message (after days of trying)

Avatar

Employee
I've updated the tutorial content to reflect this. For what it is worth, you actually can see this difference in the Debug Tracing screen as indicated by @shikhartanwar although it perhaps a bit subtle -- if you compare @shikhartanwar's screenshots to yours, his show an object whereas yours shown an array. Apologies for missing this.

Avatar

Level 2
Thanks. It is especially subtle when I wasn't sure what I was looking at. One last thing, so I got a Slack message when I started my Pipeline (Code Scanning). However, I didn't get a Slack when it Failed / Ended. My expectation and really the goal for this is for ALL failures to notify me (and the team) via Slack. Should I have gotten more than one Slack message?

Avatar

Employee
It is really up to you. The point of the tutorial is not really to integrate with Slack It's to help you understand how to create your own integration using Slack/Teams as *examples* of things you might want to integrate with. The idea being that once you've gone through the tutorial step by step you have the building blocks necessary to create your own "real" integration. The tutorial code is *only* capturing the started event. If you want to capture a different event, you'll need to adjust the code.