Expand my Community achievements bar.

JOIN US Next Wednesday, 12/6/23 @ 8am PT for the next Community Q&A Coffee Break! Bring your Machine Learning, AI Reporting & Analysis Questions to the chat. Experts Brent Kostak, Cristinel Anastasoaie, & Drew Burns of the Adobe Target Product Team will be providing deep insights and useful tips

Authenticating an event webhook from the hash of the body


Level 2



At the bottom of this page there is a small example of "Javascrip(pseudo-code)" which is entirely unhelpful as it fails to explain the only part of the code that is important to know. Where/how do you get `raw-request-body` from?
At the moment my code looks like...


const validateClientSecret = (req: any) => {
  const secret = secretKey();

  const hmac = crypto.createHmac('sha256', secret);

  const hash = hmac.digest('base64');

  if (req.header('x-adobe-signature') !== hash) {
    // other stuff here...
    return false;

  return true;



If I pass in just `req.body` it throws an exception as `body` is the wrong type. If I use `req.body.toString()` it creates a has but not one matching the header value.
Can someone help me as I'm now not sure if I'm using the right value and checking against the wrong header? Or using the wrong value? Etc...
What I need is to be able to complete the line...


const raw_request_body = ?!?!?!?


If anyone knows how I can do that please could you let me know. Thanks
0 Replies