Recent searches

No recent searches

Webhook API Verification in Azure Function

image avatar

Tony Smith

Posted Mar 08, 2024

I am trying to add security to our webhook call but I can't figure out what I need for the body of the request. The example talks about a middleware to get rawBody but I don't have access to that. I tried using .json() but it isn't creating a valid signature.

Here are the options for getting the body of a request...

arrayBuffer() returns Promise<ArrayBuffer>
blob() returns Promise<Blob>
formData() returns Promise<FormData>
json() returns Promise<unknown>
text() returns Promise<string>

export async function zendeskHook(request: HttpRequest, context: InvocationContext): Promise<HttpResponseInit> {
const headers = Object.fromEntries(request.headers.entries());

const signature = headers['x-zendesk-webhook-signature'];
const timestamp = headers['x-zendesk-webhook-signature-timestamp'];
const requestData: any =await request.json();
const validSign =isValidSignature(signature.toString(), timestamp, requestData);

 

function isValidSignature(signature, body, timestamp) {
console.log(body);
let hmac = crypto.createHmac('sha256', process.env.ZendeskSecret);
let sig = hmac.update(timestamp + body).digest('base64');
return Buffer.compare(Buffer.from(signature), Buffer.from(sig.toString('base64'))) ===0;
}


Result
{
    "sig": "ye2uzjct14Laj8doyeeyPCCgpWeOjIwzVxRY9unbhDo=",
    "time": "2024-03-08T12:34:55Z",
    "bod": {
        "id": "81823",
        "tags": "order cs_afterhours customer-success"
    },
    "verify": false
}

0

1

1 comment

Date
    image avatar

    Tipene Hughes

    Zendesk Developer Advocacy

    Hi Tony,
     
    Would you mind sharing a link to the example you're referencing so I can be sure that I'm giving you the correct information.
     
    Thanks,
     
    Tipene

    0

    Please sign in to leave a comment.

    Didn't find what you're looking for?

    New post