Expand my Community achievements bar.

Join us for an upcoming in-person Adobe Target Skill Builders event ~~> We're hosting these live learning opportunities to equip you with the knowledge and skills to leverage Target successfully. Learn more to see if we'll be coming to a city near you!
Learn more

Authenticating an event webhook from the hash of the body

Avatar

Level 2
Level 2
1/24/20 5:08:50 AM

https://www.adobe.io/apis/experienceplatform/events/docs.html#!adobedocs/adobeio-events/master/intro...

 

At the bottom of this page there is a small example of "Javascrip(pseudo-code)" which is entirely unhelpful as it fails to explain the only part of the code that is important to know. Where/how do you get `raw-request-body` from?
At the moment my code looks like...

 

const validateClientSecret = (req: any) => {
  const secret = secretKey();

  const hmac = crypto.createHmac('sha256', secret);
 
  hmac.update(req.body.toString());

  const hash = hmac.digest('base64');

  if (req.header('x-adobe-signature') !== hash) {
    // other stuff here...
    return false;
  }

  return true;
};

 

 

If I pass in just `req.body` it throws an exception as `body` is the wrong type. If I use `req.body.toString()` it creates a has but not one matching the header value.
Can someone help me as I'm now not sure if I'm using the right value and checking against the wrong header? Or using the wrong value? Etc...
What I need is to be able to complete the line...

 

const raw_request_body = ?!?!?!?

 

If anyone knows how I can do that please could you let me know. Thanks

Views

870

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
0 Replies