This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 6%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDD%3C/text%3E%3C/svg%3E)
I am currently testing Azure Communication Services. My aim is to create a logic app or function that, when triggered, dispatches a call to a certain subset of people.
EDIT: my subscription and ressources reside in the west europe region, the phone number i am using is from united kingdom.
For that i am currently trying to create a call by calling the API via Postman but get the following error:
{
"error": {
"code": "7509",
"message": "HMAC-SHA256 validation failed"
}
}
However i am having trouble understanding the authorization or suspect i am doing something wrong either here or with HMAC.
The ACS-API im calling:
https://xxx.germany.communication.azure.com/calling/callConnections?api-version=2024-11-15-preview
I have no Authorization header explicetly added but am using a pre-request script:
// Set the Date header to our Date as a UTC String.
const dateStr = new Date().toUTCString();
// Hash the request body using SHA256 and encode it as Base64
const hashedBodyStr = CryptoJS.SHA256(pm.request.body.raw).toString()
const hashedBodyStr2 = CryptoJS.SHA256(pm.request.body.raw).toString()
// And add that to the header x-ms-content-sha256
// Get our previously specified endpoint variable
const endpoint = "https://XXX.germany.communication.azure.com"
// Remove the https, prefix to create a suitable "Host" value
const hostStr = 'XXX.germany.communication.azure.com'
// This gets the part of our URL that is after the endpoint, for example in https://contoso.communication.azure.com/sms, it will get '/sms'
const url = '/calling/callConnections'
// Construct our string which we'll sign, using various previously created values.
const stringToSign = pm.request.method + '\n' + url + '\n' + dateStr + ';' + hostStr + ';' + hashedBodyStr;
// Decode our access key from previously created variables, into bytes from base64.
const key = CryptoJS.enc.Base64.parse('ACS-IDENTITY-USER-ACCESS-TOKEN');
// Sign our previously calculated string with HMAC 256 and our key. Convert it to Base64.
const signature = CryptoJS.HmacSHA256(stringToSign, key).toString();
// Add our final signature in Base64 to the authorization header of the request.
pm.request.headers.upsert({
key: 'x-ms-date',
value:dateStr
})
pm.request.headers.upsert({
key: 'host',
value:hostStr
})
pm.request.headers.upsert({
key:'x-ms-content-sha256',
value: hashedBodyStr
});
pm.request.headers.upsert({
key:'Authorization',
value: "HMAC-SHA256 SignedHeaders=x-ms-date;host;x-ms-content-sha256&Signature=" + signature
});
If my unerstanding is correct, after the authorization is successfull i should be able to create a call with this body (though i also went through different versions of this and there might be something wrong here too):
{
"callbackUri": "https://XXX.germany.communication.azure.com/callback",
"targets": [
{
"phoneNumber": {
"value": "TARGET PHONE NUMBER +49XXXXXXXXX"
}}
],
"source": {
"communicationUser": {
"id": "ACS-IDENTITY-ID"
}
},
"properties": {
"isMuted": false,
"isScreenShareMuted": false
}
}
Why i am using a pre-request script?
{
"error": {
"code": "7510",
"message": "Denied by the resource provider."
}
}
When im refering to ACS-IDENTITY-ID/USER-ACCESS-TOKEN i am using the values generated here:
For any help and / or explanation, thanks in advance!
Ensure that the headers x-ms-date, host, and x-ms-content-sha256 are correctly set
yoou can use following link for troubleshooting