How to Generate HMAC in Inbound Policy in Azure APIM

Vasanth J 1 Reputation point



  • Need to fetch header parameters from inputs and encode parameter values with backend URI and current timestamp
  • generate HMAC hash with secret key and sending hashcode and encoded URI in Query parameters to backend.

find the attached sample gateway script, when I tried in API Connect its working but in APIM when i added in inbound policy, not able to save the code, throwing an error with too may characters

any inputs on how to add HMAC in inbound policy.


Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
1,740 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Pramod Valavala 20,516 Reputation points Microsoft Employee

    @Vasanth J While not the exact use case, this policy sample covers this. Here are the lines of importance for reference

           System.Security.Cryptography.HMACSHA256 hasher = new System.Security.Cryptography.HMACSHA256(<signing-key>);  
           return Convert.ToBase64String(hasher.ComputeHash(System.Text.Encoding.UTF8.GetBytes(<string-to-sign>)));  

    As for the policy code that you've shared, it's in JS whereas APIM uses C# for its policy expressions embedded in XML.