DocuSign Webhooks Connect key integration

Question

We are using DocuSign rest api to create and send DocuSign envelope. We attached event notification to it and get information related to Envelope status in Webhooks. We use SOAP Interface (SOAP Method: DocuSignConnectUpdate). We want to implement HMAC security on webhooks received from DocuSign.

I have created Custom Connect Configuration on our Demo account for testing but not sure how to implement it on Webhooks listener. Webhooks I'm getting after changing setting still do not have HMAC header in it.

Can you please let us know how to implement it ?

Our Webhooks listener is developed using c#

Thanks, Dishant

Inbar Gazit Inbar Gazit · Accepted Answer · 2020-05-28T18:22:06

This guide on the DocuSign Developer center has the information about using HMAC to secure your webhook calls.

Here is the C# snippet showing you how to validate the HMAC:

public static class HMAC
{
    public static string ComputeHash(string secret, string payload)
    {
        byte[] bytes = Encoding.UTF8.GetBytes(secret);
        System.Security.Cryptography.HMAC hmac = new System.Security.Cryptography.HMACSHA256(bytes);
        bytes = Encoding.UTF8.GetBytes(payload);
        bytes = hmac.ComputeHash(bytes);
        return Convert.ToBase64String(bytes);
    }

    public static bool HashIsValid(string secret, string payload, string verify)
    {
        return ComputeHash(secret, payload).Equals(verify);
    }
}

DocuSign Webhooks Connect key integration

1 Answers