web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Automate / Webhook payload verifi...
Power Automate
Unanswered

Webhook payload verification using triggerBody()

(0) ShareShare
ReportReport
Posted on by BCLS776 8,994 Moderator

Hi, I have some flows that trigger off of HTTP requests for some integrations, including HubSpot. I would like to implement verification of those requests to improve security and for many of the integrations the HTTP request includes a header with some sort of HMAC-based signature.

 

Within my flow, I need to re-calculate the signature, compare it to the one received and if they match we have confidence the message is complete and untampered. While I have build a custom connector to help calculate the HMAC-based signature, I am having troubles performing the calculation when it involves the body of the incoming request, aka the triggerBody().

 

I suspect the issue is coming from Power Automate treating the payload as a JSON object and altering the space/newline structure to make it more human-readable. However, changing a single space in the payload changes it enough that it will no longer generate the same HMAC-based signature.

 

Does anyone have ideas for extracting an unaltered payload out of the trigger so I can correctly calculate the signature and validate the payload?

 

Thanks in advance,

Bryan

Categories:
General topics
I have the same question (0)
  • soch2000 Profile Picture
    soch2000 2 on at

    Hi - I'm in a similar position of needing to improve security of http triggered power automate flows using HMAC signature verification. Could you please share what you did to build a custom connector that can calculate the signature? Ultimately does your custom connector outsource the signature calculation to a third party service or are you handling it completely within the connector? Thanks in advance!

  • BCLS776 Profile Picture
    BCLS776 8,994 Moderator on at

    I have not been able to get this working in Power Automate due to the issue I pointed out in the original post. Custom connectors do allow us to run a small piece of c# code, which is enough to calculate the hash; however, the extra whitespace introduced as Power Automate handles the message body renders the calculation unusable.

     

    It might work better setting up an Azure Function to handle this, but still on my "to-do" list.

     

    Bryan

  • MelMac-Sage Profile Picture
    MelMac-Sage on at

    I have the same issue, however, they do validate eventually, it sometimes takes one or more retries, and I don't know a way around this yet and am concerned that we will potentially miss messages altogether.

     

    Would like to know if anyone has resolved this?

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Ajay Kumar Gannamaneni – Community Spotlight

We are honored to recognize Ajay Kumar Gannamaneni as our Community Spotlight for December…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Automate

#1
Michael E. Gernaey Profile Picture

Michael E. Gernaey 522 Super User 2025 Season 2

#2
Tomac Profile Picture

Tomac 364 Moderator

#3
abm abm Profile Picture

abm abm 243 Most Valuable Professional

Last 30 days Overall leaderboard

Featured topics

Share your ideas and struggles with building Power Automate flows!
Survey: Power Automate mobile app
How to Ask for Help with Your Power Automate Workflow
Flows are not visible for users who sign in with their personal accounts
Start and wait for an approval action
Restore a deleted flow
List of actions cheat sheet for Power Automate Desktop
Question for everyone : How are you using Create Text GPT in AI Builder?
Welcome to the Power Automate forum!

Product updates

Microsoft Power Platform Community release plans