APIs & Integrations

EM9
Participant

Impossible to verify signature v2 with AWS API Gateway

SOLVE

Hi,

 

Unfortnatly API gateway normalises the URL before it hits the lamba function, so the query params are in the wrong order.  This makes it impossible to match against the actual URL.

 

Is there a specific ordering of the URL that we can rely on? I don't mind hard coding, just need to make sure it doesn't change otherwise everything will break.

 

For example, if you order alphabetically the params before sending, it would at least allow us to deterministically re-construct the URL  😞

 

Related to this:

https://community.hubspot.com/t5/APIs-Integrations/Unable-to-correctly-validate-v2-request-signature...

 

Thanks

1 Accepted solution
dennisedson
Solution
HubSpot Product Team
HubSpot Product Team

Impossible to verify signature v2 with AWS API Gateway

SOLVE

@EM9 ,

I asked the team and their advice presently is to use one of two workarounds

  1. Choose not to verify the requests
  2. Compute hashes for all permutations of ordering of the query params

Eventually, we will have a solution on our end for this, but there is no timeline and I would not expect it to happen soon.

View solution in original post

0 Upvotes
4 Replies 4
TitiCuisset
Community Manager
Community Manager

Impossible to verify signature v2 with AWS API Gateway

SOLVE

Hi @EM9 

 

Thank you for reaching out.

 

I want to tag some of our experts on this - @himanshurauthan @Gonzalo do you have any thoughts for @EM9 on this? 

 

Thank you!

Best

Tiphaine


Saviez vous que la Communauté est disponible en français?
Rejoignez les discussions francophones en changeant votre langue dans les paramètres !

Did you know that the Community is available in other languages?
Join regional conversations by changing your language settings !


0 Upvotes
EM9
Participant

Impossible to verify signature v2 with AWS API Gateway

SOLVE

Hi, did you get any update on this? Thanks

0 Upvotes
dennisedson
Solution
HubSpot Product Team
HubSpot Product Team

Impossible to verify signature v2 with AWS API Gateway

SOLVE

@EM9 ,

I asked the team and their advice presently is to use one of two workarounds

  1. Choose not to verify the requests
  2. Compute hashes for all permutations of ordering of the query params

Eventually, we will have a solution on our end for this, but there is no timeline and I would not expect it to happen soon.

0 Upvotes
EM9
Participant

Impossible to verify signature v2 with AWS API Gateway

SOLVE

Hi,

 

Just wondering if we've had any updates on this? It really isn't ideal to not verify, and we also can't even compute all permuations because we have to replicate the parsing and encoding logic on our side, which is constatly breaking our customers integrations when we run into edge cases.