HMAC SHA1 in Webhooks

Is there anything besides the secret and the payload needed as inputs to generate the x-tdx-signature hash?

This is the only documentation that I could find, "X-Tdx-Signature: An SHA-1 HMAC hash of the payload using the Secret field in the webhook definition. This allows you to verify that the webhook call is legitimately sent from TeamDynamix."

I have a process outside of TDX or iPaaS to use the webhook secret and JSON body sent in the request to create a MAC SHA1 hash but it has yet to match the x-tdx-signature sent in the request header of the webhook.

I have tried online HMAC generators and they don't match the x-tdx-signature either.

Any ideas of what I am missing?

Asked by Bobby Jones on Wed 7/10/24 12:20 PM

My issue had to do with white-space and special characters in the Description field. In the Webhook Execution Details window, the Body that is presented in the Request tab doesn't exactly match the formatting of what is actually being sent. Once I stripped out the white-space and special characters in the Description field that was being sent, I was able to match the HMAC Sha-1 hash. - Bobby Jones Mon 7/22/24 5:08 PM

Answer (1)

Mark Sayers Wed 7/24/24 10:50 AM

Reposting this as an answer:

No feedback

My additional comment was a general statement trying to emphasize that the formatting has to exactly match for the hashing to work. Control characters that generate carriage returns, new lines, inline images, etc. are tricky because each ticket description can have different formatting dependent upon the source of the email that generated the ticket. So a blanket removal of special characters hasn't always worked. It would be helpful if there was technical documentation about this process similar to how APIs are documented. - Bobby Jones Wed 7/24/24 12:05 PM