Assistance Needed for X-Hub-Signature Generation for Alert Webhook
We're currently working on authenticating Domo alert webhooks to trigger a pipeline in a third ETL tool and are having trouble matching the X-Hub-Signature from Domo with our computed signature. Specifically, we're unsure if we are implementing the correct algorithm for generating the signature.
Does anyone have a good idea about the exact algorithm Domo used to generate the X-Hub-Signature for the alert webhook? We want to ensure that our implementation fully aligns with the Domo webhook process for debugging.
For reference, here is the Python script we used to compute the signature, but it outputs a different signature than the one Domo is passing. Thank you all in advance for your input:
import hmac
import hashlib
# Shared secret key
shared_secret = "the-shared-secret-key"
# Payload data (body of the request)
payload = b'{"name":"dag","id":"47365970","alertId":"4011","message":"","timestamp":"1728455774"}'
signature = 'sha512=' + hmac.new(shared_secret.encode(), payload, hashlib.sha512).hexdigest()
print(signature)
Best Answer
-
It appears you are using the wrong hashing algorithm (SHA-512). I believe Domo's webhook uses SHA-1. Try this:
import hmac
import hashlib
# Shared secret key
shared_secret = "the-shared-secret-key"
# Payload data (body of the request)
payload = b'{"name":"dag","id":"47365970","alertId":"4011","message":"","timestamp":"1728455774"}'
# Generate HMAC-SHA1 signature
signature = 'sha1=' + hmac.new(shared_secret.encode(), payload, hashlib.sha1).hexdigest()
print(signature)
Answers
-
When comparing the signature from the X-Hub-Signature header with the computed signature, make sure you're using a secure string comparison function to prevent timing attacks.
# Example comparison
received_signature = 'sha1=received-signature-from-domo'
is_valid = hmac.compare_digest(signature, received_signature)
print(is_valid)  # True if signatures match, False otherwise
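A receiver-side check that combines the points from the answers above, as an added example that is not part of the original posts and is not Domo's code: it pins the accepted algorithm, compares in constant time, and includes a debug helper that reports which digest reproduces a received header. The function names are hypothetical, the sample header is constructed, and pinning sha1 follows the answer above rather than confirmed Domo behaviour.

```python
import hashlib
import hmac

# Assumption: sha1 is pinned because the answer above suggests it; not confirmed Domo behaviour.
ALLOWED_ALGOS = ("sha1",)


def parse_header(header):
    """Split '<algo>=<hex>' into (algo, hexdigest); None if missing or malformed."""
    if not header or "=" not in header:
        return None
    algo, _, hexdigest = header.strip().partition("=")
    try:
        bytes.fromhex(hexdigest)
    except ValueError:
        return None
    return algo.lower(), hexdigest.lower()


def sign(secret, raw_body, algo):
    """HMAC over the exact request bytes; re-serialized JSON will not match."""
    return hmac.new(secret.encode(), raw_body, algo).hexdigest()


def verify_signature(secret, raw_body, header, allowed=ALLOWED_ALGOS):
    """Accept only a pinned algorithm, and compare in constant time."""
    parsed = parse_header(header)
    if parsed is None or parsed[0] not in allowed:
        return False  # the header must not be able to choose its own algorithm
    return hmac.compare_digest(sign(secret, raw_body, parsed[0]), parsed[1])


def matching_algorithms(secret, raw_body, header, candidates=("sha1", "sha256", "sha512")):
    """Debug aid: ignore the prefix and list the digests that reproduce the header."""
    parsed = parse_header(header)
    if parsed is None:
        return []
    return [a for a in candidates
            if hmac.compare_digest(sign(secret, raw_body, a), parsed[1])]


if __name__ == "__main__":
    secret = "the-shared-secret-key"  # placeholder value from the thread
    raw = b'{"name":"dag","id":"47365970","alertId":"4011","message":"","timestamp":"1728455774"}'
    header = "sha1=" + sign(secret, raw, "sha1")  # constructed sample header
    print(verify_signature(secret, raw, header))
    print(matching_algorithms(secret, raw, header))
    print(verify_signature(secret, raw.replace(b'":"', b'": "'), header))  # body re-formatted
```

If `matching_algorithms` returns an empty list for a real request, the usual causes are a different secret or a body that was parsed and re-serialized before signing.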