+ Start a Discussion

Any Integration specialists here who can guide me ?

I am looking for an integration specialist who can guide me . ? 

I need help with code review for generating HMAC signature . 

Raj VakatiRaj Vakati
I am able to help you out .. what is the question .. please post here 
Hello Raj, 

Thanks for responding. 

I have written the code as best as I can according to the documents I have been given to verify HMAC signature. 

I dont feel comfortable posting my code publicly here. Can i reach out to you offline. so that  code with you? 

Use Case: Integrate External Database with Salesforce 

Task: Generate HMAC signature so that the external system authenticates the request coming from  my Salesforce org. 

I have been given two documents. Here is the first document. 

HMAC signature generation verification API
This document enlists endpoints to verify logic for HMAC signature generation. Once, HMAC signature generation logic has been verified through these endpoints, API consumer partner can utilize verified logic for functional endpoints.

POST - /api/billtwo/hmac-verify
GET - /api/billtwo/hmac-verify

These endpoints need to be called in exact manner as for any other functional endpoint including headers and body, as per BillTwo JSON API Guide. These endpoints should not be called using functional HMAC shared secret, and are configured to match signature signed with hard-coded shared secret :

The Response will have following structure. 

Sample Response
    "suppliedHeaders": {
        "X-BillTwo-Act-As-Dealership": [
        "Host": [
        "Accept-Encoding": [
            "gzip, deflate"
        "Date": [
            "Wed, 03 Apr 2019 16:45:19 GMT"
        "Content-MD5": [
        "Authorization": [
            "BillOne F00DSK:qi/e+Z6sfwzux+9FhboeaaM9x6sVZsE7hWavh06s4XY="
        "X-BillTwo-User-ID": [
        "Content-Length": [
        "Content-Type": [
    "body": "{\"name\": \"John Doe\"}",
    "suppliedMd5": "t/nDe/hP6TtSWnknrpDDAQ==",
    "computedMd5": "t/nDe/hP6TtSWnknrpDDAQ==",
    "computedCanonical": "POST\nt/nde/hp6ttswnknrpddaq==\napplication/json\nwed, 03 apr 2019 16:45:19 gmt\nx-BillOne-act-as-dealership:YO4WL\nx-BillOne-user-id:JACKDESKING\n/api/BillOne/hmac-verify\n",
    "suppliedHmacSignature": "qi/e+Z6sfwzux+9FhboeaaM9x6sVZsE7hWavh06s4XY=",
    "computedHmacSignature": "qi/e+Z6sfwzux+9FhboeaaM9x6sVZsE7hWavh06s4XY=",
    "signatureMatching": true,
    "errors": []

This response has supplied headers, body, supplied md5, computed md5, computed canonical string, supplied HMAC signature, computed HMAC signature and error(s), if present.  If there is no error and HMAC signature is signed with preset shared secret, than "signatureMatching" flag will be true. 


The other document covers general use of the BillTwo JSON API endpoints including security and authorization, standard error response format, standard HTTP response codes, etc.
Basically I am trying to AuthenticateRest Request  exactly based on Amazon Web Services