Assistance Needed for X-Hub-Signature Generation for Alert Webhook
We're currently working on authenticating Domo alert webhooks to trigger a pipeline in a third ETL tool and are having trouble matching the X-Hub-Signature from Domo with our computed signature. Specifically, we're unsure if we are implementing the correct algorithm for generating the signature.
Does anyone have a good idea about the exact algorithm Domo used to generate the X-Hub-Signature for the alert webhook? We want to ensure that our implementation fully aligns with the Domo webhook process for debugging.
For reference, here is the Python script we tried to compute the signature but output a different signature key than one Domo passing and thank you all in advance for your input:
import hmac
import hashlib
# Shared secret key
shared_secret = "the-shared-secret-key"
# Payload data (body of the request)
payload = b'{"name":"dag","id":"47365970","alertId":"4011","message":"","timestamp":"1728455774"}'
signature = 'sha512=' + hmac.new(shared_secret.encode(), payload, hashlib.sha512).hexdigest()
print(signature)
Best Answer
-
It appears you are using the wrong hashing algorithm (SHA-512), I believe Domo's webhook uses SHA-1. Try this:
import hmac
import hashlib
# Shared secret key
shared_secret = "the-shared-secret-key"
# Payload data (body of the request)
payload = b'{"name":"dag","id":"47365970","alertId":"4011","message":"","timestamp":"1728455774"}'
# Generate HMAC-SHA1 signature
signature = 'sha1=' + hmac.new(shared_secret.encode(), payload, hashlib.sha1).hexdigest()
print(signature)** Was this post helpful? Click Agree or Like below. **
** Did this solve your problem? Accept it as a solution! **0
Answers
-
It appears you are using the wrong hashing algorithm (SHA-512), I believe Domo's webhook uses SHA-1. Try this:
import hmac
import hashlib
# Shared secret key
shared_secret = "the-shared-secret-key"
# Payload data (body of the request)
payload = b'{"name":"dag","id":"47365970","alertId":"4011","message":"","timestamp":"1728455774"}'
# Generate HMAC-SHA1 signature
signature = 'sha1=' + hmac.new(shared_secret.encode(), payload, hashlib.sha1).hexdigest()
print(signature)** Was this post helpful? Click Agree or Like below. **
** Did this solve your problem? Accept it as a solution! **0 -
When comparing the signature from the X-Hub-Signature header with the computed signature, make sure you're using a secure string comparison function to prevent timing attacks.
# Example comparison
received_signature = 'sha1=received-signature-from-domo'
is_valid = hmac.compare_digest(signature, received_signature)
print(is_valid) # True if signatures match, False otherwise** Was this post helpful? Click Agree or Like below. **
** Did this solve your problem? Accept it as a solution! **0
Categories
- All Categories
- 1.8K Product Ideas
- 1.8K Ideas Exchange
- 1.6K Connect
- 1.2K Connectors
- 300 Workbench
- 6 Cloud Amplifier
- 9 Federated
- 2.9K Transform
- 102 SQL DataFlows
- 626 Datasets
- 2.2K Magic ETL
- 3.9K Visualize
- 2.5K Charting
- 753 Beast Mode
- 61 App Studio
- 41 Variables
- 692 Automate
- 177 Apps
- 456 APIs & Domo Developer
- 49 Workflows
- 10 DomoAI
- 38 Predict
- 16 Jupyter Workspaces
- 22 R & Python Tiles
- 398 Distribute
- 115 Domo Everywhere
- 276 Scheduled Reports
- 7 Software Integrations
- 130 Manage
- 127 Governance & Security
- 8 Domo Community Gallery
- 38 Product Releases
- 11 Domo University
- 5.4K Community Forums
- 40 Getting Started
- 30 Community Member Introductions
- 110 Community Announcements
- 4.8K Archive