Thanks for responding.
I have written the code as best as I can according to the documents I have been given to verify HMAC signature.
I don't feel comfortable posting my code publicly here. Can I reach out to you offline so that I can share the code with you?
Use Case: Integrate External Database with Salesforce
Task: Generate HMAC signature so that the external system authenticates the request coming from my Salesforce org.
I have been given two documents. Here is the first document.
__________________________________________________________________________________________
HMAC signature generation verification API
This document enlists endpoints to verify logic for HMAC signature generation. Once HMAC signature generation logic has been verified through these endpoints, API consumer partner can utilize verified logic for functional endpoints.
Request
POST - /api/billtwo/hmac-verify
GET - /api/billtwo/hmac-verify
These endpoints need to be called in exact manner as for any other functional endpoint including headers and body, as per BillTwo JSON API Guide. These endpoints should not be called using functional HMAC shared secret, and are configured to match signature signed with hard-coded shared secret:
9PK^:XAvBrl1?jz3^U{7+)){igpCG\"Y;<.3SGy8gX+'6p{|D2#NwI#It8{+@W?>*
The Response will have following structure.
Sample Response
{
  "suppliedHeaders": {
    "X-BillTwo-Act-As-Dealership": ["YO4WL"],
    "Host": ["localhost:3874"],
    "Accept-Encoding": ["gzip, deflate"],
    "Date": ["Wed, 03 Apr 2019 16:45:19 GMT"],
    "Content-MD5": ["t/nDe/hP6TtSWnknrpDDAQ=="],
    "Authorization": ["BillOne F00DSK:qi/e+Z6sfwzux+9FhboeaaM9x6sVZsE7hWavh06s4XY="],
    "X-BillTwo-User-ID": ["JACKDESKING"],
    "Content-Length": ["20"],
    "Content-Type": ["application/json"]
  },
  "body": "{\"name\": \"John Doe\"}",
  "suppliedMd5": "t/nDe/hP6TtSWnknrpDDAQ==",
  "computedMd5": "t/nDe/hP6TtSWnknrpDDAQ==",
  "computedCanonical": "POST\nt/nde/hp6ttswnknrpddaq==\napplication/json\nwed, 03 apr 2019 16:45:19 gmt\nx-BillOne-act-as-dealership:YO4WL\nx-BillOne-user-id:JACKDESKING\n/api/BillOne/hmac-verify\n",
  "suppliedHmacSignature": "qi/e+Z6sfwzux+9FhboeaaM9x6sVZsE7hWavh06s4XY=",
  "computedHmacSignature": "qi/e+Z6sfwzux+9FhboeaaM9x6sVZsE7hWavh06s4XY=",
  "signatureMatching": true,
  "errors": []
}
This response has supplied headers, body, supplied md5, computed md5, computed canonical string, supplied HMAC signature, computed HMAC signature and error(s), if present. If there is no error and HMAC signature is signed with preset shared secret, then "signatureMatching" flag will be true.
___________________________________________________________________________________________________________
The other document covers general use of the BillTwo JSON API endpoints including security and authorization, standard error response format, standard HTTP response codes, etc.
(https://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthentication.html)
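An offline reference for debugging against the hmac-verify response described in the post, added here as an example and not taken from the post or from the BillTwo documents. It assumes HMAC-SHA256 with base64 output (the sample signature decodes to 32 bytes) and a canonical layout read off the sample computedCanonical; all function names are hypothetical.

```python
import base64
import hashlib
import hmac
from itertools import zip_longest

def content_md5(body: bytes) -> str:
    """Base64 of the raw MD5 digest of the exact body bytes put on the wire."""
    return base64.b64encode(hashlib.md5(body).digest()).decode()

def canonical_string(method, md5_b64, content_type, date, x_headers, path):
    """Assumed layout, read off the sample computedCanonical: one field per line,
    MD5/type/date lower-cased, custom headers as name:value sorted by name."""
    lines = [method.upper(), md5_b64.lower(), content_type.lower(), date.lower()]
    for name, value in sorted(x_headers.items(), key=lambda kv: kv[0].lower()):
        lines.append(f"{name.lower()}:{value}")
    lines.append(path)
    return "\n".join(lines) + "\n"

def sign(canonical: str, secret: str) -> str:
    """Assumption: HMAC-SHA256 over the UTF-8 canonical string, base64-encoded."""
    mac = hmac.new(secret.encode("utf-8"), canonical.encode("utf-8"), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def diagnose(resp: dict, local_canonical: str) -> list:
    """List every stage where the client's values and the server's differ."""
    problems = [f"server error: {e}" for e in resp.get("errors", [])]
    if resp["suppliedMd5"] != resp["computedMd5"]:
        problems.append("Content-MD5: hashed bytes differ from the body sent")
    server_lines = resp["computedCanonical"].split("\n")
    for n, (mine, theirs) in enumerate(
            zip_longest(local_canonical.split("\n"), server_lines), start=1):
        if mine != theirs:
            problems.append(f"canonical line {n}: sent {mine!r}, server {theirs!r}")
            break
    if resp["suppliedHmacSignature"] != resp["computedHmacSignature"]:
        problems.append("signature: check key bytes and digest algorithm")
    return problems

if __name__ == "__main__":  # constructed values, not from the post
    md5 = content_md5(b'{"name": "Example"}')
    canon = canonical_string("POST", md5, "application/json",
                             "Wed, 03 Apr 2019 16:45:19 GMT",
                             {"X-Example-User-ID": "USER1"}, "/api/example/hmac-verify")
    sig = sign(canon, "constructed-test-secret")
    resp = {"suppliedMd5": md5, "computedMd5": md5, "computedCanonical": canon,
            "suppliedHmacSignature": sig, "computedHmacSignature": sig, "errors": []}
    print(diagnose(resp, canon))  # [] when every stage agrees
```

Working through the reported stages in order (MD5, then canonical string, then signature) narrows a mismatch to the first input that diverged, since a wrong body hash or canonical line always produces a wrong signature as well.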