Orchestrator Webhooks - Validating Signature with Secret in ServiceNow

salix1981 · June 20, 2022, 9:05pm

Hi, Wanted to ask if you have found the way about this. I’m on the same boat of figuring how to incorporate the secret for security. Thanks in advance

codemonkee · June 21, 2022, 2:24pm

Hi @salix1981 - Perhaps someone with more knowledge of ServiceNow will jump in for you, but from what I understand you would

Create a Script REST API with Authentication turned off (Probably be good to restrict the source that would be accepted initially via ACL, etc.)
Within the Script you would then need to
- Extract the Signature Header from the Request
- Decode Signature (Base64)
- Extract raw request BODY
- Compute the hash using SHA256 and the signing key/secret
- Compare the Signature with the Computed Hash
- Process Request or Reject depending on the outcome of the comparison

UiPath provides C# and Node.js examples of the receiving destination that you could use as a base for your SN REST API Script.

Topic		Replies	Views
UiPath Orchestrator Webhooks create an Incident in ServiceNow Video Tutorials orchestrator , api , script	5	1551	August 16, 2022
About Webhooks Orchestrator orchestrator	1	1303	October 29, 2020
Webhook signature validation in python Help orchestrator	2	2366	October 18, 2019
Webhooks Automation Cloud orchestrator , question	13	3965	July 9, 2021
Webhook - uipath orchestrator Orchestrator orchestrator , api , question	2	1596	February 19, 2020

Most Active Users - Yesterday
Anil_G
ashokkarale
Ajay_Mishra
Gautham_Pattabiraman
BHUSHAN_NAGAONKAR1
vrdabberu
ABHIMANYU_THITE1
lrtetala
samantha_shah
shyamala_shyamu
More details...

Orchestrator Webhooks - Validating Signature with Secret in ServiceNow

Related Topics