Construct an HMAC request via Postman to send test requests to Celigo webhooks

Kathyana Rule Community moderator Technical Writer

• November 05, 2021 18:49

This post covers constructing an HMAC SH256 Base 64-encoded request via Postman to send test requests to Celigo webhooks. You must use a Pre-request Script to successfully send the request. 

Please note that this solution is out of scope for our Support teams, and Celigo cannot assist with third-party applications and solutions. 

1. Create your webhook listener in integrator.io. In this example, we've made the Key (secret) field: secret
2. In Postman, use the following code to hash the message and encode the hash. Note that the encoding method and hash function used here is from the CryptoJS library, as the algorithm and encoding method should match what you've configured from the webhook. 

postman.setEnvironmentVariable("hmac", CryptoJS.enc.Base64.stringify(CryptoJS.HmacSHA256(request.data, 'secret')).toString(CryptoJS.digest));

The POST URL should include your export ID. For example: 

https://api.integrator.io/v1/exports/<ExportID>/data 

Example Pre-request Script in Postman:

Example headers in Postman: 

Example test with JSON data: 

Example success message: 

0

• Official comment

  

  Kathyana Rule Community moderator Technical Writer

  • February 01, 2022 17:46

  

  

  Hi Paul Siegerist, 

  I asked around and found these steps: 

  1. Generate a token and the public URL in the listener
  2. Send that token to IO using the public URL in the request body.
  3. Provide the JSON path from the request body in the listener so IO knows where to find the token when the webhook request comes from the source.

  There is no standard format for the request body. It's whatever the source system wants to send. All you have to do is send the token to one of the fields. If you don't want to deal with adding the token to the request body, you can use the secret URL authentication type.

  In this case, you just have to do step 1 and use the public URL to send the webhook request to IO. In terms of security, it's pretty much the same.

  I also saw that you received a response to your community post from our CTO, Scott Henderson. 

  Let me know if this isn't clear or you need more assistance. 

  Thanks, 

  Kathyana
• 

  Paul Siegerist

  • January 28, 2022 16:53

  

  

  Kathyana,
  Can you post a similar article (using postman) on the development of a token based listener verification including a complete URL that shows the location of the "token" in the body prior to the data.  I am setting up a webhook as a listener for many transactions to be sent and then imported into NetSuite as they occur at the source.  The source will be an http connection and the transaction queue on the http side may be set to accumulate hundreds of records before it sends via the webhook export.

  Thanks,
  Paul

  0
• 

  Kathyana Rule Community moderator Technical Writer

  • January 31, 2022 17:02

  

  

  Hi Paul Siegerist, 

  I'm going to ask around to see if I can find more information for you. I also saw your post in our community center. I'll reach out when I have more information. 

  Thanks for your patience, 

  Kathyana Rule

  0

Please sign in to leave a comment.