Expand my Community achievements bar.

Authenticating an event webhook from the hash of the body

Avatar

Level 2

https://www.adobe.io/apis/experienceplatform/events/docs.html#!adobedocs/adobeio-events/master/intro...

 

At the bottom of this page there is a small example of "Javascrip(pseudo-code)" which is entirely unhelpful as it fails to explain the only part of the code that is important to know. Where/how do you get `raw-request-body` from?
At the moment my code looks like...

 

const validateClientSecret = (req: any) => {
  const secret = secretKey();

  const hmac = crypto.createHmac('sha256', secret);
 
  hmac.update(req.body.toString());

  const hash = hmac.digest('base64');

  if (req.header('x-adobe-signature') !== hash) {
    // other stuff here...
    return false;
  }

  return true;
};

 

 

If I pass in just `req.body` it throws an exception as `body` is the wrong type. If I use `req.body.toString()` it creates a has but not one matching the header value.
Can someone help me as I'm now not sure if I'm using the right value and checking against the wrong header? Or using the wrong value? Etc...
What I need is to be able to complete the line...

 

const raw_request_body = ?!?!?!?

 

If anyone knows how I can do that please could you let me know. Thanks
0 Replies