I have an endpoint that is pinged by a web hook I have set up.
One of the parameters in the header of this incoming request is my client secret hashed with the message body using SHA 256.
What is the best way to authenticate such requests? I don’t see any options for SHA-256 in Pega 8.7.3 that supports hashing my client secret with the message body.
@KanishkM2601 Hi, we have a similar situation. Have you found any solutions?
@KanishkM2601 does the information in the below post help at all?
Does Pega offer any support for Conjur API
In Pega 8.x, you can use the Token Profile and pxGenerateJWT activity to generate JWT tokens. You can specify the signature algorithm in the Token Profile, and the activity generates the JWT token accordingly. However, if you need to use a specific hashing algorithm like SHA-256 that is not available OOTB, you may need to write custom Java code to achieve this.
This is a GenAI-powered tool. All generated answers require validation against the provided references.
Reg Signing a message with RSA SHA 256 algorithm using a private Key
BYOK encryption Private Data requirements > AES Private data key encryption specification