I'm currently using workflow webhook. I understand that the JSON body will consist of the whole Contact object and that cannot be changed. My question is, how can I then get the request body and validate the hash?
Is it my client has to use the entire request body passed from HS and generate the hash like below and finally compare it?
You're exactly correct; to validate the signature, you'll need to concatenate your secret, method, URI, and request body & hash them. There isn't any way to monitor this validation in the HubSpot App Monitoring, since the actual comparison is happening in your code.
Also, just to clarify, the 'request body' in this case is everything in the body that you recieve from HubSpot. So the full contact record is what's included in the concatenated string & hashed.
You're exactly correct; to validate the signature, you'll need to concatenate your secret, method, URI, and request body & hash them. There isn't any way to monitor this validation in the HubSpot App Monitoring, since the actual comparison is happening in your code.
Also, just to clarify, the 'request body' in this case is everything in the body that you recieve from HubSpot. So the full contact record is what's included in the concatenated string & hashed.
Glad I could help! As far as only passing certain properties is concerned; you might want to investigate Workflow extensions and/or the Webhooks API. Configuring and using them is more involved than the workflow webhook action, but they're far more flexible and extensible, and allow you to configure specific property change subscriptions, among other things.