How to Generate HMAC in Inbound Policy in Azure APIM

Vasanth J 1 Reputation point
2021-07-14T01:09:02.78+00:00

Hi,

Use-Case:

  • Need to fetch header parameters from inputs and encode parameter values with backend URI and current timestamp
  • generate HMAC hash with secret key and sending hashcode and encoded URI in Query parameters to backend.

find the attached sample gateway script, when I tried in API Connect its working but in APIM when i added in inbound policy, not able to save the code, throwing an error with too may characters

any inputs on how to add HMAC in inbound policy.

114337-hmac-apic.xml

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
1,740 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Pramod Valavala 20,516 Reputation points Microsoft Employee
    2021-07-15T05:04:41.66+00:00

    @Vasanth J While not the exact use case, this policy sample covers this. Here are the lines of importance for reference 

       @{  
       System.Security.Cryptography.HMACSHA256 hasher = new System.Security.Cryptography.HMACSHA256(<signing-key>);  
       return Convert.ToBase64String(hasher.ComputeHash(System.Text.Encoding.UTF8.GetBytes(<string-to-sign>)));  
   }

    As for the policy code that you've shared, it's in JS whereas APIM uses C# for its policy expressions embedded in XML.