Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

X-Hub-Signature and Signature generated with payload and secret does not match

Manoj Khiyani
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
April 4, 2024

On repo push event, I'm generating the SHA256 value and comparing it with the request header but the keys do not match.

1 answer

1 vote
Patrik S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 9, 2024

Hello @Manoj Khiyani and welcome to the Community,

When enabling the webhook security feature, Bitbucket Cloud will generate an HMAC signature and provide it in the request header named X-Hub-Signature. This signature is generated. The signature is calculated based on the payload contents, your secret token, and a hashing algorithm (sha256).

It might be the case that your implementation of the validation is not hashing the exact same content as Bitbucket Cloud, thus representing a mismatch.

I would suggest following the instructions of the following article to understand the exact content that is hashed, and also some example code snipper (Java and Python) on how the validation can be done : 

Hope that helps! If you have any questions, feel free to ask.

Thank you, @Manoj Khiyani !

Patrik S

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
TAGS
AUG Leaders

Atlassian Community Events