Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

The 1st edition of the Target Community Lens newsletter is out now! Click to the right to find all the latest updates

Authenticating an event webhook from the hash of the body


Level 2!adobedocs/adobeio-events/master/intro...


At the bottom of this page there is a small example of "Javascrip(pseudo-code)" which is entirely unhelpful as it fails to explain the only part of the code that is important to know. Where/how do you get `raw-request-body` from?
At the moment my code looks like...


const validateClientSecret = (req: any) => {
  const secret = secretKey();

  const hmac = crypto.createHmac('sha256', secret);

  const hash = hmac.digest('base64');

  if (req.header('x-adobe-signature') !== hash) {
    // other stuff here...
    return false;

  return true;



If I pass in just `req.body` it throws an exception as `body` is the wrong type. If I use `req.body.toString()` it creates a has but not one matching the header value.
Can someone help me as I'm now not sure if I'm using the right value and checking against the wrong header? Or using the wrong value? Etc...
What I need is to be able to complete the line...


const raw_request_body = ?!?!?!?


If anyone knows how I can do that please could you let me know. Thanks
0 Replies