Question:
What are the details concerning the signature verification process used in DocuWare for Webhooks and Web Services?
Answer:
Since DocuWare 7.10, every webhook and Web Service call from DocuWare contains the header “x-docuware-signature”. The receiving application uses this header to verify that the webhook is sent by DocuWare and has not been tampered with.
The method used when creating the signature is called HMAC (Hash-based Message Authentication Code).
The DocuWare passphrase is key to creating the signature. More on passphrases can be found here.
For Signature Verification:
To verify the signature from DocuWare, you will need to minimize the JSON body first, then use SHA512 with the DocuWare passphrase as the key.
KBA applicable to ONLY Cloud Organizations.
What are the details concerning the signature verification process used in DocuWare for Webhooks and Web Services?
Answer:
Since DocuWare 7.10, every webhook and Web Service call from DocuWare contains the header “x-docuware-signature”. The receiving application uses this header to verify that the webhook is sent by DocuWare and has not been tampered with.
The method used when creating the signature is called HMAC (Hash-based Message Authentication Code).
The DocuWare passphrase is key to creating the signature. More on passphrases can be found here.
For Signature Verification:
To verify the signature from DocuWare, you will need to minimize the JSON body first, then use SHA512 with the DocuWare passphrase as the key.
KBA applicable to ONLY Cloud Organizations.