This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Verify HMAC (Custom) Authentication using HMAC policy in apigee edge

Posted on 03-03-2021 11:47 AM
raghubtechit
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

We wanted to implement HMAC verify Authentication in apigee edge for high sensitive data using HMAC Policy that is available as out of the box & wanted to know if we can use it for all GET, POST/PUT operations?

Eg: to use [signature] = Base64(HMAC-SHA-256(SharedSecretKey, StringToSign ) )

StringToSign = HTTP-Verb + "\n" + Content-SHA256 + "\n" + Content-Type + "\n" + Timestamp + "\n" + RequestURI

Have above StringToSign for POST/PUT & GET without a content & content-type.

Is this acheivable with the current HMAC Policy available?

0 1 202
Topic Labels
0 Likes
1 REPLY 1
Top Solution Authors
View all