Menu
  • Home
  • Services
    • Implementation Services
    • Support Services
    • Salesforce Support Services on Tap
    • Customization Services
    • Integration Services
    • Consulting Services
    • Product Development with Salesforce
  • Focus Areas
    • Buyer Journey Campaign Management
    • Salesforce Integration Orchestration
    • Employee Management
    • Supporting Nonprofits
  • Case Studies
  • Blog
  • Internship
  • Contact
  • COVID 19 & beyond

HMAC Authentication in Salesforce

CategoriesBlog / Salesforce Technology

Sukanya Banekar

July 17, 2017

Being a salesforce developer, it was very challenging task for me to compute HMAC using algorithm, to

create a signature that would help external system to verify the sent request to store Lead information from

salesforce org.

 

HMAC is Hash-based message authentication code. Which is used to convert data into a bit string. This

bit string is called cryptographic string.

Why to use HMAC?

HMAC protects the quality, legality and validity of the message. It should be known by both the sender

and the receiver of the message. So when the sender sends the request, it will not only protect the data but also

maintain and assure the accuracy and consistency of data. Receiver has the secret key to detect any changes in

the message content.

 

How to use HMAC?

To generate HMAC I used SHA1 algorithm, secret key, Content-MD5 header (if using POST request).

Using these parameters I have created a signature which was base64 encoded.

Where to use HMAC?

HMAC is used for web service callouts to secure the data while sending from one system to another

system through internet.

Step 1:

Create a global class with @future(callout=true) annotation

public class HMACGenearatorHandler{
 // method to create JSON and post it to the endpoint URL
 public void createJson(list<sObject> sObjectList){
     String jsonString; // create json here
     sendRequest(jsonString);
 } // end method

@future (callout=true)
 public static void sendRequest(String jsonString){
     DateTime dtNow= System.Now();
     String dateFormat= dtNow.format('E, dd MMM yyyy kk:mm:ss z','GMT'); // date format as per the timezone of org
     HttpRequest req = new HttpRequest();
     req.setEndpoint(System.Label.EndPoint); // endpoint URL

Step 2:

Pass jsonString to the generate md5 content to post request.

MD5 is a message digest algorithm used to produce a 128-bit (16-byte) hash value in text format as a 32 digit

hexadecimal number to verify data integrity.

    String strMd5= EncodingUtil.base64Encode (Crypto.generateDigest('MD5', Blob.valueOf(jsonString)));

Step 3:

Create a canonical string (the format of this string may different for different scenario).

In my case, it is as below:

canonical_string = ‘content-type,content-MD5,request URI,date’

    String strCanonical = 'application/json' + ',' + strMd5 + ',' + request URL + ',' +dateFormat;

Step 4:

Pass the canonical string and the secret key to generate HMAC using SHA1 algorithm. In the code

snippet generate HmacSHA1Signature is a method which uses canonical string and the secret key to encrypt the

message and return the value in blob format.

    String strSignature = EncodingUtil.base64Encode(generateHmacSHA1Signature(strCanonical, system.label.Secret_Key));

// method to generate SHA 1 
public static blob generateHmacSHA1Signature(String canonical_str, String secreteKey){ 
     Blob mac = Crypto.generateMac('HMacSHA1', blob.valueof(canonical_str),blob.valueof(secreteKey)); 
     return mac;
 }// End generateHmacSHA1Signature method

String looks like:

application/json,1B2M2Y8RugTpgAm788jk==,/api/patient,Wed, 24 Sep 2014 19:18:44 GMT

Step 5:

The signature string is encoded in base64 format and I have used this string to authenticate the request.

        String strSignature = EncodingUtil.base64Encode(generateHmacSHA1Signature(strCanonical, system.label.Secret_Key));
        String authorizationHeader = system.label.APIAuth + ' ' + System.Label.Access_Id + ':' + strSignature;req.setMethod('POST');
        req.setHeader('ACCEPT',System.label.Accept_Header); // accept headers
        req.setHeader('Authorization', authorizationHeader); 
        req.setHeader('Content-Type', System.label.Content_Type); // content Type 
        req.setHeader('DATE',dateFormat);
        req.setHeader('CONTENT_MD5',strMd5);
        req.setHeader('request_uri',System.Label.EndPoint);
        req.setBody(jsonString);
        Http http = new Http();
        if(!test.isRunningTest()){
            HTTPResponse res = http.send(req);
        } // end if 
    } // end sendRequest method
 } // end class

This way you can authenticate your request using HMAC.

WISHING YOU ALL THE BEST. Happy Coding!!!!!

Recent Posts

  • Ensuring Sales Scalability: The Role of Understanding Buyers and Integrating Marketing and Sales”
  • Outsourcing Salesforce Managed Services!
  • Salesforce Field Force Management & Automation Software for Your Sales Teams
  • Customer Onboarding Process in Banking
  • Salesforce Einstein Chat BOT

Categories

  • Blog
  • Communities
  • Finance
  • General
  • Nonprofit
  • Sales
  • Salesforce Technology
  • Services

Archives

  • May 2023
  • November 2022
  • October 2022
  • February 2022
  • January 2021
  • October 2020
  • September 2020
  • August 2020
  • March 2020
  • February 2020
  • September 2019
  • April 2019
  • February 2019
  • November 2018
  • September 2018
  • August 2018
  • June 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • July 2017
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
  • June 2016
  • May 2016
  • April 2016
  • March 2016
Thinqloud was founded with the vision of helping business grow using Salesforce®.

We do this by driving automation and process management using Salesforce® Technology thereby improving and implementing integrated CRM ,Sales and Marketing processes. Our mature team comprises of IT professionals (Technology and DevOps), Business process consultants and Salesforce® enthusiasts.

Email : sales@thinqloud.com

Phone: (+91) 99754 98229

Services

  • Solution Development Services
  • Salesforce Implementation Services
  • Salesforce Support Services
  • Salesforce Customization Services
  • Salesforce Integration Services
  • Classic to Lightning Migration
  • Marketing and Sales Consulting Services

Site Links

  • Home
  • Blog
  • Case Studies
  • Contact
  • Internship

© 2022 Thinqloud, All Rights Reserved.

  • Privacy