Help

Welcome to the Airtable Community! If you're new here, check out our Getting Started area to get the most out of your community experience.

Webhook MAC signature on Cloudflare Workers

228 2
cancel
Showing results for 
Search instead for 
Did you mean: 

Hey all,

Been trying to implement Airtable webhooks for our company however i've ran into a slight problem with the signature of the webhook itself. No matter how I move things around, encode or decode, it refuses to match the signature provided by Airtable.

The code below generates a HMAC but doesnt match the one provided by Airtable. I cant use the Crypto module since thats Node only which sucks. Is there any secret sauce that im missing from this code? All the docs say is to just decode the base64, shove it into 

Code below:

const decodedMacSecret = atob(webhookConfig.macSecretBase64);

const encoder = new TextEncoder();
const data = encoder.encode(bodyText);

const hmacKey = await crypto.subtle.importKey(
  'raw',
  encoder.encode(decodedMacSecret),
  {
    name: 'HMAC',
    hash: { name: 'SHA-256' },
  },
  false,
  ['sign']
);

const hmac = await crypto.subtle.sign(
  'HMAC',
  hmacKey,
  data
);

const expectedContentHmac = 'hmac-sha256=' + Array.prototype.map.call(new Uint8Array(hmac), x => ('00' + x.toString(16)).slice(-2)).join('');
2 Replies 2

So that I’m understanding correctly - are you referring to an Airtable Automation webhook trigger? If so, they accept a JSON body without nested objects. I use the app Postman when testing and setting them up. 

@Cerulean- have you solved this?  We can help