We have been implementing an integration app to sync data between simpro and another third party application using simPRO webhook. The system hosted on AWS API gateway and need to authorize the message coming from the simPRO webhook. The AWS authorization function is a ".net core" function that hashes the request body using the webhook's secret. However, every time we receive the payload, it denies returning 200 response because the secrets are not the same. The API document mentioned that the response body needs to be hashed with the secret and what we hash is the below payload using the secret:
{
"ID": "site.updated",
"build": "CompanyName.simprosuite.com",
"description": "Site #9230 has been updated.",
"name": "Site",
"action": "updated",
"reference": {
"companyID": 7,
"siteID": 9230
},
"date_triggered": "2021-02-15T10:20:56\u002B10:00"
}
The question is, what is the response body? What do we need to hash instead of the above payload?
Regards,
Message Verification
Forum rules
- Check the documentation first. Before posting questions, please check the documentation to ensure it doesn't already cover what you need.
- No spam. All automated messages, advertisements, and links to competitor websites will be deleted immediately.
- Post in relevant sub-forums only. Messages posted in the wrong topic area will be removed and placed in the correct sub-forum by moderators.
- Respect other users. No flaming or abusing fellow forum members. Users who continue to post inflammatory, abusive comments will be deleted from the forum after two warnings are issued by moderators.
- Harassment. No threats or harassment of other users will be tolerated. Any instance of threatening or harassing behavior is grounds for deletion from the forums.
- Adult content. No profanity or pornography is allowed. Posts containing adult material will be deleted.
- Bandwidth. All images and signatures must be 500 x 500 pixels or smaller. Posts containing over-sized images and signatures will be removed.
- Illegal content. No re-posting of copyrighted materials or other illegal content is allowed. Any posts containing illegal content or copyrighted materials will be deleted.
Re: Message Verification
Please follow the similar logic described below in your preferred programming language.
The response body (which should be referred correctly as request body) is the json data which needs to be hashed with the secret given during webhook setup.
Code: Select all
$webhookSecret = 'SECRET'; // Defined in webhook setup
$headerSignatureHash = $headers['X-Response-Signature']; // Webhook message header
/** @var $message webhook request body */
if (!hash_equals($headerSecret, hash_hmac('sha1', $message, $webhookSecret))) {
throw new \Exception('Hashes do not match');
}
// Continue processing the webhook
...
...
Muqeet
API Developer | simPRO Software Group
API Developer | simPRO Software Group
Re: Message Verification
Make sure the request body is converted to json encoded string if its not already.
Muqeet
API Developer | simPRO Software Group
API Developer | simPRO Software Group
Re: Message Verification
Thanks for your response. The issue is the SHA1 algorithm is different from PHP. Have you got a solution or code example to fix this issue?
Best regards,
Amir
Best regards,
Amir
Re: Message Verification
You need to look for a solution to hash the json encoded string with SHA1 algorithm in your preferred programming language.
Muqeet
API Developer | simPRO Software Group
API Developer | simPRO Software Group
-
- Posts: 4
- Joined: Fri Feb 10, 2023 11:22 am
Re: Message Verification
Does anyone have an example for node.js?
thank you
thank you
Re: Message Verification
Any java examples available?