Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

X-Hub-Signature and Signature generated with payload and secret does not match

Manoj Khiyani
Manoj Khiyani
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
April 4, 2024

On repo push event, I'm generating the SHA256 value and comparing it with the request header but the keys do not match.

Answer
Watch
Like Be the first to like this
236 views

1 answer

1 vote
Patrik S
Patrik S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 9, 2024

Hello @Manoj Khiyani and welcome to the Community,

When enabling the webhook security feature, Bitbucket Cloud will generate an HMAC signature and provide it in the request header named X-Hub-Signature. This signature is generated. The signature is calculated based on the payload contents, your secret token, and a hashing algorithm (sha256).

It might be the case that your implementation of the validation is not hashing the exact same content as Bitbucket Cloud, thus representing a mismatch.

I would suggest following the instructions of the following article to understand the exact content that is hashed, and also some example code snipper (Java and Python) on how the validation can be done : 

Hope that helps! If you have any questions, feel free to ask.

Thank you, @Manoj Khiyani !

Patrik S

Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
DEPLOYMENT TYPE
CLOUD
TAGS
AUG Leaders

Atlassian Community Events

    See all events