APIs & Integrations

EM9
Teilnehmer/-in

Impossible to verify signature v2 with AWS API Gateway

lösung

Hi,

 

Unfortnatly API gateway normalises the URL before it hits the lamba function, so the query params are in the wrong order.  This makes it impossible to match against the actual URL.

 

Is there a specific ordering of the URL that we can rely on? I don't mind hard coding, just need to make sure it doesn't change otherwise everything will break.

 

For example, if you order alphabetically the params before sending, it would at least allow us to deterministically re-construct the URL  😞

 

Related to this:

https://community.hubspot.com/t5/APIs-Integrations/Unable-to-correctly-validate-v2-request-signature...

 

Thanks

1 Akzeptierte Lösung
dennisedson
Lösung
HubSpot-Produktteam
HubSpot-Produktteam

Impossible to verify signature v2 with AWS API Gateway

lösung

@EM9 ,

I asked the team and their advice presently is to use one of two workarounds

  1. Choose not to verify the requests
  2. Compute hashes for all permutations of ordering of the query params

Eventually, we will have a solution on our end for this, but there is no timeline and I would not expect it to happen soon.

Lösung in ursprünglichem Beitrag anzeigen

0 Upvotes
4 Antworten
TitiCuisset
Community-Manager/-in
Community-Manager/-in

Impossible to verify signature v2 with AWS API Gateway

lösung

Hi @EM9 

 

Thank you for reaching out.

 

I want to tag some of our experts on this - @himanshurauthan @Gonzalo do you have any thoughts for @EM9 on this? 

 

Thank you!

Best

Tiphaine


Saviez vous que la Communauté est disponible en français?
Rejoignez les discussions francophones en changeant votre langue dans les paramètres !

Did you know that the Community is available in other languages?
Join regional conversations by changing your language settings !


0 Upvotes
EM9
Teilnehmer/-in

Impossible to verify signature v2 with AWS API Gateway

lösung

Hi, did you get any update on this? Thanks

0 Upvotes
dennisedson
Lösung
HubSpot-Produktteam
HubSpot-Produktteam

Impossible to verify signature v2 with AWS API Gateway

lösung

@EM9 ,

I asked the team and their advice presently is to use one of two workarounds

  1. Choose not to verify the requests
  2. Compute hashes for all permutations of ordering of the query params

Eventually, we will have a solution on our end for this, but there is no timeline and I would not expect it to happen soon.

0 Upvotes
EM9
Teilnehmer/-in

Impossible to verify signature v2 with AWS API Gateway

lösung

Hi,

 

Just wondering if we've had any updates on this? It really isn't ideal to not verify, and we also can't even compute all permuations because we have to replicate the parsing and encoding logic on our side, which is constatly breaking our customers integrations when we run into edge cases.