Assistance Needed for X-Hub-Signature Generation for Alert Webhook
We're currently working on authenticating Domo alert webhooks to trigger a pipeline in a third ETL tool and are having trouble matching the X-Hub-Signature from Domo with our computed signature. Specifically, we're unsure if we are implementing the correct algorithm for generating the signature.
Does anyone have a good idea about the exact algorithm Domo used to generate the X-Hub-Signature for the alert webhook? We want to ensure that our implementation fully aligns with the Domo webhook process for debugging.
For reference, here is the Python script we tried to compute the signature but output a different signature key than one Domo passing and thank you all in advance for your input:
import hmac
import hashlib
# Shared secret key
shared_secret = "the-shared-secret-key"
# Payload data (body of the request)
payload = b'{"name":"dag","id":"47365970","alertId":"4011","message":"","timestamp":"1728455774"}'
signature = 'sha512=' + hmac.new(shared_secret.encode(), payload, hashlib.sha512).hexdigest()
print(signature)
Best Answer
-
It appears you are using the wrong hashing algorithm (SHA-512), I believe Domo's webhook uses SHA-1. Try this:
import hmac
import hashlib
# Shared secret key
shared_secret = "the-shared-secret-key"
# Payload data (body of the request)
payload = b'{"name":"dag","id":"47365970","alertId":"4011","message":"","timestamp":"1728455774"}'
# Generate HMAC-SHA1 signature
signature = 'sha1=' + hmac.new(shared_secret.encode(), payload, hashlib.sha1).hexdigest()
print(signature)** Was this post helpful? Click Agree or Like below. **
** Did this solve your problem? Accept it as a solution! **0
Answers
-
It appears you are using the wrong hashing algorithm (SHA-512), I believe Domo's webhook uses SHA-1. Try this:
import hmac
import hashlib
# Shared secret key
shared_secret = "the-shared-secret-key"
# Payload data (body of the request)
payload = b'{"name":"dag","id":"47365970","alertId":"4011","message":"","timestamp":"1728455774"}'
# Generate HMAC-SHA1 signature
signature = 'sha1=' + hmac.new(shared_secret.encode(), payload, hashlib.sha1).hexdigest()
print(signature)** Was this post helpful? Click Agree or Like below. **
** Did this solve your problem? Accept it as a solution! **0 -
When comparing the signature from the X-Hub-Signature header with the computed signature, make sure you're using a secure string comparison function to prevent timing attacks.
# Example comparison
received_signature = 'sha1=received-signature-from-domo'
is_valid = hmac.compare_digest(signature, received_signature)
print(is_valid) # True if signatures match, False otherwise** Was this post helpful? Click Agree or Like below. **
** Did this solve your problem? Accept it as a solution! **0
Categories
- All Categories
- 1.9K Product Ideas
- 1.9K Ideas Exchange
- 1.6K Connect
- 1.3K Connectors
- 303 Workbench
- 6 Cloud Amplifier
- 9 Federated
- 3K Transform
- 104 SQL DataFlows
- 640 Datasets
- 2.2K Magic ETL
- 4K Visualize
- 2.5K Charting
- 769 Beast Mode
- 72 App Studio
- 43 Variables
- 718 Automate
- 185 Apps
- 462 APIs & Domo Developer
- 57 Workflows
- 14 DomoAI
- 40 Predict
- 17 Jupyter Workspaces
- 23 R & Python Tiles
- 402 Distribute
- 116 Domo Everywhere
- 277 Scheduled Reports
- 9 Software Integrations
- 135 Manage
- 132 Governance & Security
- 8 Domo Community Gallery
- 44 Product Releases
- 12 Domo University
- 5.4K Community Forums
- 40 Getting Started
- 30 Community Member Introductions
- 111 Community Announcements
- 4.8K Archive