Help

Re: Webhook MAC signature on Cloudflare Workers

1486 0
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Cerulean-
4 - Data Explorer
4 - Data Explorer
See Solution in Thread

‎Jan 01, 2023 06:16 AM

Hey all,

Been trying to implement Airtable webhooks for our company however i've ran into a slight problem with the signature of the webhook itself. No matter how I move things around, encode or decode, it refuses to match the signature provided by Airtable.

The code below generates a HMAC but doesnt match the one provided by Airtable. I cant use the Crypto module since thats Node only which sucks. Is there any secret sauce that im missing from this code? All the docs say is to just decode the base64, shove it into 

Code below:

const decodedMacSecret = atob(webhookConfig.macSecretBase64);

const encoder = new TextEncoder();
const data = encoder.encode(bodyText);

const hmacKey = await crypto.subtle.importKey(
  'raw',
  encoder.encode(decodedMacSecret),
  {
    name: 'HMAC',
    hash: { name: 'SHA-256' },
  },
  false,
  ['sign']
);

const hmac = await crypto.subtle.sign(
  'HMAC',
  hmacKey,
  data
);

const expectedContentHmac = 'hmac-sha256=' + Array.prototype.map.call(new Uint8Array(hmac), x => ('00' + x.toString(16)).slice(-2)).join('');
0 Kudos
Reply
3 Replies 3
Karlstens
11 - Venus
11 - Venus
See Solution in Thread

‎Jan 02, 2023 03:26 AM

So that I’m understanding correctly - are you referring to an Airtable Automation webhook trigger? If so, they accept a JSON body without nested objects. I use the app Postman when testing and setting them up. 

0 Kudos
Reply
Andres_at_Conne
7 - App Architect
7 - App Architect
See Solution in Thread

‎Jan 04, 2023 09:51 AM

@Cerulean- have you solved this?  We can help

0 Kudos
Reply
masiley
4 - Data Explorer
4 - Data Explorer
See Solution in Thread

‎Mar 06, 2024 08:09 AM

Hi,

I am having an issue to match the airtable-content-mac from the header with the one a computed.

const decodedMacSecret = atob('macSecretBase64'); //macSecretBase64 from create webhook
const body = `{
  "base": {
    "id": "appjRdIX59U4YEy4l"
  },
  "webhook": {
    "id": "achXH94CxHYGdUcje"
  },
  "timestamp": "2024-03-06T00:32:58.992Z"
}`

const hmac = createHmac('sha256', decodedMacSecret);
console.log(body)
hmac.update(body.toString(), 'ascii'); // I also tried JSON.stringify(body); 
console.log('received header: hmac-sha256=0fb79298bc57a45a34ca1d04f5237fd4a9a9223fd5c90cc04f35d3c3890180cc');
console.log('computed:        hmac-sha256=' + hmac.digest('hex'));

Thanks

 

0 Kudos
Reply
Copyright © 2024 Khoros, LLC