Discussions

I'm running into an issue when trying to compare the HMAC auth keys in my Apex webhook listener. Here is my code:

String wwSig = EncodingUtil.urlEncode(svcURL + req.requestBody.toString(), 'UTF-8');

Blob hmac = Crypto.generateMac('hmacSHA256', Blob.valueOf(wwSig), Blob.valueOf(WaitWhile Secret Key));
String hmacString = EncodingUtil.base64Encode(hmac);

I compare hmacString to the 'X-Waitwhile-Signature' in the headers but I cannot get the values to match.

I tried following the "guide" at https://developers.waitwhile.com/docs/authenticating-webhooks which states, "The signature is created by concatenating webhook URL and payload as a UTF-8 string, and then creating a hash-based message authentication code (HMAC) with SHA-256, encoded using Base64." I think I'm following this correctly but it's not working.

Has anyone successfully used this authentication signature with Salesforce?

Any help would be appreciated.

Also, I know that WaitWhile now has the ability to integrate directly with Salesforce but that is only available on the enterprise version so we cannot use it.

Thank you!