Orchestrator Webhooks - Validating Signature with Secret in ServiceNow

Hi, Wanted to ask if you have found the way about this. I’m on the same boat of figuring how to incorporate the secret for security. Thanks in advance

Hi @salix1981 - Perhaps someone with more knowledge of ServiceNow will jump in for you, but from what I understand you would

  1. Create a Script REST API with Authentication turned off (Probably be good to restrict the source that would be accepted initially via ACL, etc.)
  2. Within the Script you would then need to
    • Extract the Signature Header from the Request
    • Decode Signature (Base64)
    • Extract raw request BODY
    • Compute the hash using SHA256 and the signing key/secret
    • Compare the Signature with the Computed Hash
    • Process Request or Reject depending on the outcome of the comparison

UiPath provides C# and Node.js examples of the receiving destination that you could use as a base for your SN REST API Script.