We wanted to implement HMAC verify Authentication in apigee edge for high sensitive data using HMAC Policy that is available as out of the box & wanted to know if we can use it for all GET, POST/PUT operations?
Eg: to use [signature] = Base64(HMAC-SHA-256(SharedSecretKey, StringToSign ) )
StringToSign = HTTP-Verb + "\n" + Content-SHA256 + "\n" + Content-Type + "\n" + Timestamp + "\n" + RequestURI
Have above StringToSign for POST/PUT & GET without a content & content-type.
Is this acheivable with the current HMAC Policy available?
Hi Raghu,
Not sure on OOB HMAC policy(haven't seen in 4.50 version atleast) but we use java callout and it works fine.
Thanks.
User | Count |
---|---|
1 | |
1 | |
1 | |
1 | |
1 |