Integrations & HMAC Authentication #1975
-
Hi There, Firstly, I absolutely ❤️ Semaphore. I’ve been using it for a couple of years now and the recent additions of the Integration API and OAuth are a huge help. Thank you 🙏 One quick bit of help if anyone has experience with this? I am working on using an Integration to trigger a Template to run and I want to use HMAC Authentication. Is there any guidance about the HTTP request format for this to allow me to calculate the HMAC signature correctly? In my case, I don’t need to send anything in the request body to the Integration, I simply want to have the HTTP request trigger the template to run. So if there is no request body, what do I use as the input string for the HMAC signature calculation? I have deduced that the algorithm should be sha256 and I have configured the Integration the expect the signature in the “authsig” header.
I’m assuming that the Content Type should be application/json even though there is no body. I’m also assuming I should make a POST request. If examples of what I’ve done so would be useful, I’ll add some. Thanks, Jack 🙏 |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 4 replies
-
Ok I got there in the end. 2 things I was doing wrong:
{"x-match-task":"task-name"} and then setup the Matcher on my Integration to match.
{"Authentication-Header":"hmac-siganture"} where Authentication-Header is what you configured in the "Auth header" section of your Integration and hmac-signature is the computed hmac signature based on the payload and secret key. To make a call to the Integrations API using nodejs, use something like: /* Hacked together using examples from Stack Overflow 👍 */
const axios = require('axios');
const crypto = require('crypto');
// Set method and path for the request
let method = 'POST';
let path = '/api/integrations/xxxxxxxxxx';
let body = {"x-match-task":"my-task"};
let secret = 'MySecretKey';
const hash = crypto.createHmac('sha256', secret).update(JSON.stringify(body)).digest('hex');
const options = {
method: method,
url: 'https://semui.com' + path,
headers: {
'Content-Type': 'application/json',
'authsig': hash
},
data: JSON.stringify(body)
}
// Initiate request
axios(options)
.then(function (response) {
console.log("Success: " + response.status);
})
.catch(function (error) {
if (error.response) {
// The request was made and the server responded with a status code
// that falls out of the range of 2xx
console.log(error.response.data);
console.log(error.response.status);
console.log(error.response.headers);
} else if (error.request) {
// The request was made but no response was received
console.log(error.request);
} else {
// Something happened in setting up the request that triggered an Error
console.log('Error', error.message);
}
}); I will add a curl example once I have one that works :) |
Beta Was this translation helpful? Give feedback.
Ok I got there in the end. 2 things I was doing wrong:
and then setup the Matcher on my Integration to match.
sha256=
however this is not the case for a straight HMAC Integration. It requires no prefix and looks like this:where Authentication-Header is what you configured in the "Auth header" section of your Integration and …