Construct an HMAC request via Postman to send test requests to Celigo webhooks
This post covers constructing an HMAC SH256 Base 64-encoded request via Postman to send test requests to Celigo webhooks. You must use a Pre-request Script to successfully send the request.
Please note that this solution is out of scope for our Support teams, and Celigo cannot assist with third-party applications and solutions.
- Create your webhook listener in integrator.io. In this example, we've made the Key (secret) field: secret
- In Postman, use the following code to hash the message and encode the hash. Note that the encoding method and hash function used here is from the CryptoJS library, as the algorithm and encoding method should match what you've configured from the webhook.
postman.setEnvironmentVariable("hmac", CryptoJS.enc.Base64.stringify(CryptoJS.HmacSHA256(request.data, 'secret')).toString(CryptoJS.digest));
The POST URL should include your export ID. For example:
https://api.integrator.io/v1/exports/<ExportID>/data
Example Pre-request Script in Postman:
Example headers in Postman:
Example test with JSON data:
Example success message:
-
Official comment
Hi Paul Siegerist,
I asked around and found these steps:
- Generate a token and the public URL in the listener
- Send that token to IO using the public URL in the request body.
- Provide the JSON path from the request body in the listener so IO knows where to find the token when the webhook request comes from the source.
There is no standard format for the request body. It's whatever the source system wants to send. All you have to do is send the token to one of the fields. If you don't want to deal with adding the token to the request body, you can use the secret URL authentication type.
In this case, you just have to do step 1 and use the public URL to send the webhook request to IO. In terms of security, it's pretty much the same.
I also saw that you received a response to your community post from our CTO, Scott Henderson.
Let me know if this isn't clear or you need more assistance.
Thanks,
Kathyana
-
Kathyana,
Can you post a similar article (using postman) on the development of a token based listener verification including a complete URL that shows the location of the "token" in the body prior to the data. I am setting up a webhook as a listener for many transactions to be sent and then imported into NetSuite as they occur at the source. The source will be an http connection and the transaction queue on the http side may be set to accumulate hundreds of records before it sends via the webhook export.Thanks,
Paul0 -
Hi Paul Siegerist,
I'm going to ask around to see if I can find more information for you. I also saw your post in our community center. I'll reach out when I have more information.
Thanks for your patience,
Kathyana Rule
0 -
hey i tried your example but i m getting 401 error unauthorized
0 -
Can you help me out please
0 -
Can you reply Kathyana Queeman to me
im using this fucntionality of HMAC im very new to it please help me out
i treid your example but im getting 401 error
0 -
Can you give me more details about your use case? When you ask about invoking setup in Celigo, do you mean setting up the listener?
Thanks,
Kathyana
0 -
what value u set in secret how it is being taken in postman
give detail step by step im getting 401 error
0 -
how it is referred in header through that script Kathyana Queeman
0 -
I see you're getting some help from Om in another post. We'll continue to respond in that post so we don't try the same solutions multiple times.
Thanks,
Kathyana
0 -
IT is working fine
0
Please sign in to leave a comment.
Comments
11 comments