Ask a Question
Back to All

Issue with Webhook Auth and Salesforce

I'm running into an issue when trying to compare the HMAC auth keys in my Apex webhook listener. Here is my code:

String wwSig = EncodingUtil.urlEncode(svcURL + req.requestBody.toString(), 'UTF-8');

Blob hmac = Crypto.generateMac('hmacSHA256', Blob.valueOf(wwSig), Blob.valueOf(WaitWhile Secret Key));
String hmacString = EncodingUtil.base64Encode(hmac);

I compare hmacString to the 'X-Waitwhile-Signature' in the headers but I cannot get the values to match.

I tried following the "guide" at https://developers.waitwhile.com/docs/authenticating-webhooks which states, "The signature is created by concatenating webhook URL and payload as a UTF-8 string, and then creating a hash-based message authentication code (HMAC) with SHA-256, encoded using Base64." I think I'm following this correctly but it's not working.

Has anyone successfully used this authentication signature with Salesforce?

Any help would be appreciated.

Also, I know that WaitWhile now has the ability to integrate directly with Salesforce but that is only available on the enterprise version so we cannot use it.

Thank you!