HTTP EndPoint Signature Issue

It states in the docs that an EndPoint with payload signature verification requires an Endpoint-Signature header, however, through testing we’re not able to get it working.

Using fetch in javascript and setting the header as follows;

headers: { 'Endpoint-Signature': `sha256=${hash}` }

results in the following error in the Realm logs;

Error: expected to find Endpoint-Signature in header

Further to the docs, they’re showing a double colon in the example;

Endpoint-Signature::sha256=<hex encoded hash>

Is this a mistake? Just in case, we also experimented with setting the header as follows;

headers: { 'Endpoint-Signature'::sha256=${hash} }

headers: { 'Endpoint-Signature::sha256': hash }

The first fails with the same missing header error and the second breaks the fetch call as colons aren’t allowed in header names.

We’ve also verified that hash is valid and being properly set in the header.

I should also mention we’re changing over to HTTP Endpoints from 3rd Party services, and the same code was working well with the X-Hook-Signature header.

Hi @Mauro ,

Have you tried via a simple curl command similar to:

curl -X POST \
  -H "Content-Type: application/json" \
  -H "Endpoint-Signature::sha256=828ee180512eaf8a6229eda7eea72323f68e9c0f0093b11a578b0544c5777862" \
  -d '{"message":"MESSAGE"}' \
  https://data.mongodb-api.com/app/myapp-abcde/endpoint/testPayloadSignatureVerification

Without all the parameters you use…

If this works, there is something within the code that sets it that is wrong, or the generated hash is in a wrong format.

Thanks
Pavel

Cheers @Pavel_Duchovny, all sorted now.
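
For readers debugging the same setup, here is an added example (not code from any poster in this thread or from the vendor docs) that signs a request body for the `Endpoint-Signature` header and checks it locally. It assumes the signature is a hex-encoded HMAC-SHA256 of the raw request body keyed with the endpoint secret; the function names, secret and payload are hypothetical.

```javascript
// Added example: function names, secret and payload are constructed for illustration.
const crypto = require('node:crypto');

// HMAC-SHA256 over the exact request body string, hex encoded, with the "sha256=" prefix.
function signBody(secret, rawBody) {
  const hex = crypto.createHmac('sha256', secret).update(rawBody, 'utf8').digest('hex');
  return `sha256=${hex}`;
}

// Build fetch() options. The body is serialised once, and that same string is
// both signed and sent, so the receiver hashes identical bytes.
function buildSignedRequest(secret, payload) {
  const rawBody = JSON.stringify(payload);
  return {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      // Header name and header value are two separate strings.
      'Endpoint-Signature': signBody(secret, rawBody),
    },
    body: rawBody,
  };
}

// Receiver-side check, useful for testing the client code before it hits the endpoint.
function verifySignature(secret, rawBody, headerValue) {
  if (typeof headerValue !== 'string' || !headerValue.startsWith('sha256=')) return false;
  const expected = Buffer.from(signBody(secret, rawBody));
  const received = Buffer.from(headerValue);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return expected.length === received.length && crypto.timingSafeEqual(expected, received);
}

const SECRET = 'example-secret'; // constructed value, not a real secret
const init = buildSignedRequest(SECRET, { message: 'MESSAGE' });
const header = init.headers['Endpoint-Signature'];
console.log(header);
console.log(verifySignature(SECRET, init.body, header)); // true

// Re-serialising the same object with different whitespace changes the bytes,
// so a signature computed over one string does not match the other.
const pretty = JSON.stringify({ message: 'MESSAGE' }, null, 2);
console.log(verifySignature(SECRET, pretty, header)); // false
```

Pass the returned object straight to `fetch(url, init)`; signing one serialisation and sending another is a common cause of a rejected signature.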
