Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.2k views
in Technique[技术] by (71.8m points)

docusignapi - HMAC webhook validation, from envelope callback

I read through the instructions here, which works if you're using Connect at the "account level" (i.e. all envelopes get sent through one account).

Our use case involves requiring a customer to log into DocuSign using their own account, so I'm now setting a callback on the envelope. When I receive the callback in this scenario, the HMAC signature headers aren't sent (X-DocuSign-Signature-1, X-DocuSign-Signature-2, etc.).

Has anyone experienced this? I'm in ruby/rails, using the docusign_esign gem, version 2.0.0.

I see an include_hmac parameter in DocuSign_eSign::ConnectCustomConfiguration, but it's not clear to me if you can use a custom configuration with an envelope-level callback.

Any help is appreciated.

question from:https://stackoverflow.com/questions/65852366/hmac-webhook-validation-from-envelope-callback

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

The eventNotification object now includes an attribute includeHMAC.

If HMAC is set up at the account level, and includeHMAC is set to "true" then the HMAC headers will be included for per-envelope webhooks.

Unfortunately, the API call for setting up HMAC at the account level is not currently available. So customers need to have account-wide Connect to set the HMAC secret.

HMAC secrets are added and managed via the Connect Keys button in the Connect section of the eSignature Admin app:Connect Keys button


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

1.4m articles

1.4m replys

5 comments

57.0k users

...