Hi, I have a third party vendor that wants to verify a webhook with a hex-encoded HMAC-SHA256 body towards us in a REST call. How do I decode that one? I see that community commons have a GenerateHMAC_SHA256 https://docs.mendix.com/appstore/modules/community-commons-function-library#4-9-stringutils, where is the reverse function? Have anyone else done something similar? Kind regards Johan
asked
Johan Mattsson
1 answers
3
Hi Johan,
You can't decode it as it's a one way encryption. To validate you need to recreate the the HMAC_SHA256 on your side from the data that has been passed and a shared secret key. You then compare your calculated value to one provided and if they match you know the data hasn't been tampered with.