Authenticate Service Hooks Requests

santiago · April 12, 2019, 10:46pm

Hi All,

I configured a Service Hook through the API as documented here: https://docs.sentry.io/api/projects/post-project-service-hooks/

When I send an exception to Sentry I see it forwarded to my service hook as expected. So far great, but I don’t know how to authenticate the POST request sent to my service hook. Is there any documentation I could read about it?

I see the POST request sent to my service hook has two headers:
X-ServiceHook-GUID
X-ServiceHook-Signature

According to the service hook signature implementation here:
service-hooks-signature
It looks like the signature is build in a standard way with the secret and the body of the request.

So I tried to use authenticate using the following mechanism:

String signature = HmacUtils.hmacSha256Hex(URLEncoder.encode(secretKey, "UTF-8"), URLEncoder.encode(jsonBody, "UTF-8"));

but the String signature I obtain doesn’t match the header X-ServiceHook-Signature. Anybody knows what I could be doing wrong?

Thanks in advance.

santiago · April 13, 2019, 12:22am

I figured this out, the approach mentioned above is correct. In my case it was failing because the jsonBody I was working with was escaped by the Restful web services framework I was using. Once I got the correct jsonBody (a non-escaped version) I was able to match the signatures.

Leaving this out here for future reference

Topic		Replies	Views
Not seeing "Sentry-Hook-*" headers for WebHook Integrations	2	1266	August 16, 2021
Request body filtered out? SDKs	4	3360	August 25, 2020
Using web hooks URLs Integrations	0	905	September 18, 2019
Sentry for Java Client Projects	0	890	January 1, 2018
Sentry api calls via an api gateway SDKs	1	1589	December 7, 2020

Authenticate Service Hooks Requests

Related Topics