How to Generate HMAC in Inbound Policy in Azure APIM

Question

How to Generate HMAC in Inbound Policy in Azure APIM

Vasanth J 1

Hi,

Use-Case:

Need to fetch header parameters from inputs and encode parameter values with backend URI and current timestamp
generate HMAC hash with secret key and sending hashcode and encoded URI in Query parameters to backend.

find the attached sample gateway script, when I tried in API Connect its working but in APIM when i added in inbound policy, not able to save the code, throwing an error with too may characters

any inputs on how to add HMAC in inbound policy.

114337-hmac-apic.xml

Answer 1

Pramod Valavala 14,716 Microsoft Employee

@Vasanth J While not the exact use case, this policy sample covers this. Here are the lines of importance for reference

   @{  
       System.Security.Cryptography.HMACSHA256 hasher = new System.Security.Cryptography.HMACSHA256(<signing-key>);  
       return Convert.ToBase64String(hasher.ComputeHash(System.Text.Encoding.UTF8.GetBytes(<string-to-sign>)));  
   }

As for the policy code that you've shared, it's in JS whereas APIM uses C# for its policy expressions embedded in XML.

Vasanth J 1 Reputation point

2021-07-21T18:16:31.97+00:00

Thank you promod for you inputs, I tried in similar way, not able to connect through token in APIM Can you please why this APIM Policy not able to generate HMAC token 116700-hmac-apim.xml

How to Generate HMAC in Inbound Policy in Azure APIM

1 answer

Activity