Authenticate Service Hooks Requests

#1

Hi All,

I configured a Service Hook through the API as documented here: https://docs.sentry.io/api/projects/post-project-service-hooks/

When I send an exception to Sentry I see it forwarded to my service hook as expected. So far great, but I don’t know how to authenticate the POST request sent to my service hook. Is there any documentation I could read about it?

I see the POST request sent to my service hook has two headers:
X-ServiceHook-GUID
X-ServiceHook-Signature

According to the service hook signature implementation here:
service-hooks-signature
It looks like the signature is build in a standard way with the secret and the body of the request.

So I tried to use authenticate using the following mechanism:

String signature = HmacUtils.hmacSha256Hex(URLEncoder.encode(secretKey, "UTF-8"), URLEncoder.encode(jsonBody, "UTF-8"));

but the String signature I obtain doesn’t match the header X-ServiceHook-Signature. Anybody knows what I could be doing wrong?

Thanks in advance.

0 Likes

#2

I figured this out, the approach mentioned above is correct. In my case it was failing because the jsonBody I was working with was escaped by the Restful web services framework I was using. Once I got the correct jsonBody (a non-escaped version) I was able to match the signatures.

Leaving this out here for future reference

0 Likes