Webhook body validation

Christiaan · November 16, 2023, 9:00am

Hi,

I want to validate a webhook based on the body contents.
The webhook sends this:

{
  "Content": {
    "Topic": "Items",
    "ClientId": "342645tgrghdv5wf4",
    "Division": 0000000,
    "Action": "Name",
    "Key": "78934875039hfkahjg0h93q8hfdp9",
    "Endpoint": "https://example.com/api/v1/stuff",
    "EventCreatedOn": "2023-11-16T09:08:12.433"
  },
  "HashCode": "074D58BD6EF7D74D58BD6EF7DC5D7865C5AB58DA64529E4E9F06C1EF2"
}

The HashCode is HMAC SHA256 based on the contents of the Content node.

Problem is, the only hash validations I can find are based on header values.
How could this be accomplished?

Christiaan

Gugi · November 21, 2023, 2:19pm

Hi @Christiaan

Welcome to the Alumio forum.

As you may already know that unfortunately, we currently only support validating signature in the header of the requests.

However, we can understand that the ability to validate signature in request body may be beneficial for other customers too. Therefore, we have passed it on to the team for further discussion.

Could you please let us know whether this issue blocks your integration?

Christiaan · November 23, 2023, 10:06am

Hi @Gugi,

It does not block our integration, it just means we cannot validate the webhooks from Exact Online.
Which is something we would like to see in te near future for security reasons, as you probably can imagine.

r.candrian · November 23, 2023, 10:51am

Hi @Christiaan,

Thank you for your confirmation. Our team has added a story for this feature to their backlogs. Furthermore, we have no estimation yet for this. You can keep monitoring our release notes pages to stay updated on every feature released.