Recently I worked on a requirement where a REST service sends a Signature field with an HMAC value in a JSON message. This Signature value is populated by concatenating a few other fields of the same JSON message and applying an HMAC SHA-256 digest.

I have to check whether the HMAC (Hash-based Message Authentication Code) sent by the REST service is valid and then process the message; if it is not valid, a 401 "Invalid Authentication" error is thrown back.

Initially I developed a Java mapping for this requirement, but later changed it to a simple UDF to have more control over the mapping.


JSON Request Message:-


The signature above is the result of concatenating the values of four fields, "UserName" + "Password" + "Company" + "Location", and applying the SHA-256 digest.

To generate the signature manually for testing purposes, use the link below, as shown in the screenshot.



We need to generate the same HMAC SHA-256 digest in PI from the same fields and compare the two strings. If the comparison is true, the mapping is successful; if it is false, an "Invalid Authentication" exception is thrown for monitoring purposes.



Download Apache Commons Codec from the URL below and import it into PI as an Imported Archive.





Our requirement is to compare the Base64 signature value, so I converted the hex string to Base64 using the UDF below.





The display queue of ThrowMapException should show "true" or "false".


If "false", the message below is thrown for your monitoring purposes.
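
The generate, convert and compare steps described above, as an added example that is not the author's UDF: it uses only JDK classes instead of Apache Commons Codec, encodes the MAC bytes directly to Base64 rather than going through a hex string, and compares in constant time. The class and method names, the shared key and the field values are assumptions constructed for illustration; Java 8 or later is assumed for `java.util.Base64`.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class HmacSignatureCheck {

    // Base64(HMAC-SHA256(key, UserName + Password + Company + Location))
    static String sign(byte[] key, String userName, String password,
                       String company, String location) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        String data = userName + password + company + location;
        byte[] tag = mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(tag);
    }

    // Compare the decoded MAC bytes with MessageDigest.isEqual instead of
    // String.equals, which returns at the first differing character.
    static boolean isValid(String received, String expected) {
        if (received == null) {
            return false; // Signature field missing from the request
        }
        try {
            byte[] a = Base64.getDecoder().decode(received.trim());
            byte[] b = Base64.getDecoder().decode(expected);
            return MessageDigest.isEqual(a, b);
        } catch (IllegalArgumentException e) {
            return false; // Signature is not valid Base64
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo key and field values; a real key belongs in a
        // secured parameter or key store, not in mapping source code.
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
        String expected = sign(key, "demoUser", "demoPass", "DemoCo", "Berlin");
        // Change the first character to simulate a signature that does not match.
        String tampered = (expected.charAt(0) == 'A' ? 'B' : 'A') + expected.substring(1);

        System.out.println("expected signature : " + expected);
        System.out.println("matching accepted  : " + isValid(expected, expected));
        System.out.println("tampered accepted  : " + isValid(tampered, expected));
        System.out.println("malformed accepted : " + isValid("not base64!!", expected));
    }
}
```

In the mapping, a `false` result from `isValid` is the value that drives the ThrowMapException step. Because the four values are concatenated without a separator, different splits of the same character sequence across the fields produce the same signature.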



The REST sender channel "Error Handling" should be maintained with any text of your choice.


NOTE: No other authentication, such as Basic (user ID and password) or any other method, should be used.

Make the REST service open to all clients or restrict it to a few clients, and make sure no user ID and password authentication is used.

The ONLY authentication that should be used is the HMAC Signature value.






Scenario 1:- The JSON request message Signature should match exactly what the PI UDF generates.




Scenario 2:- If the JSON request message Signature does not match exactly what the PI UDF generates, status 401 with the "Invalid Authentication Signature" message should be sent back.

