Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.2k views
in Technique[技术] by (71.8m points)

docusignapi - HMAC webhook validation, from envelope callback

I read through the instructions here, which works if you're using Connect at the "account level" (i.e. all envelopes get sent through one account).

Our use case involves requiring a customer to log into DocuSign using their own account, so I'm now setting a callback on the envelope. When I receive the callback in this scenario, the HMAC signature headers aren't sent (X-DocuSign-Signature-1, X-DocuSign-Signature-2, etc.).

Has anyone experienced this? I'm in ruby/rails, using the docusign_esign gem, version 2.0.0.

I see an include_hmac parameter in DocuSign_eSign::ConnectCustomConfiguration, but it's not clear to me if you can use a custom configuration with an envelope-level callback.

Any help is appreciated.

question from:https://stackoverflow.com/questions/65852366/hmac-webhook-validation-from-envelope-callback

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

The eventNotification object now includes an attribute includeHMAC.

If HMAC is set up at the account level, and includeHMAC is set to "true" then the HMAC headers will be included for per-envelope webhooks.

Unfortunately, the API call for setting up HMAC at the account level is not currently available. So customers need to have account-wide Connect to set the HMAC secret.

HMAC secrets are added and managed via the Connect Keys button in the Connect section of the eSignature Admin app:Connect Keys button


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

2.1m questions

2.1m answers

60 comments

57.0k users

...