How to Generate HMAC in Inbound Policy in Azure APIM

VASANTH RAO JADAV 46 Reputation points
2021-07-14T01:09:02.78+00:00

Hi,

Use-Case:

  • Need to fetch header parameters from inputs and encode parameter values with backend URI and current timestamp
  • generate HMAC hash with secret key and sending hashcode and encoded URI in Query parameters to backend.

find the attached sample gateway script, when I tried in API Connect its working but in APIM when i added in inbound policy, not able to save the code, throwing an error with too may characters

any inputs on how to add HMAC in inbound policy.

114337-hmac-apic.xml

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
2,473 questions
0 comments No comments
{count} vote

1 answer

Sort by: Most helpful
  1. Pramod Valavala 20,656 Reputation points Microsoft Employee Moderator
    2021-07-15T05:04:41.66+00:00

    @VASANTH RAO JADAV While not the exact use case, this policy sample covers this. Here are the lines of importance for reference

       @{  
           System.Security.Cryptography.HMACSHA256 hasher = new System.Security.Cryptography.HMACSHA256(<signing-key>);  
           return Convert.ToBase64String(hasher.ComputeHash(System.Text.Encoding.UTF8.GetBytes(<string-to-sign>)));  
       }  
    

    As for the policy code that you've shared, it's in JS whereas APIM uses C# for its policy expressions embedded in XML.

    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.