
I am using a fairly standard pattern of a Webhook with the called endpoint provided by AWS API Gateway and a backend Lambda.

Webex Teams webhooks allow you to provide a secret which is used to sign the outgoing payload with the resulting hash sent in the 'X-Spark-Signature' header.

I create a webhook and receive the event payload in my Lambda but the hashes do not match. Below is my example code:

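```python
import hashlib
import hmac

def validate(key, raw):
    # HMAC-SHA1 of the payload, hex-encoded to match the header format
    hashed = hmac.new(key, raw, hashlib.sha1)
    print(hashed.hexdigest())
    return hashed.hexdigest()

# `event` is the event argument passed to the Lambda handler
key = bytes('somecazYs3Cret', 'UTF-8')
raw = bytes(event['body'], 'UTF-8')
signature = event['headers']['X-Spark-Signature']

# compare_digest compares in constant time, unlike ==
if hmac.compare_digest(validate(key, raw), signature):
    print('AUTHORIZED')
else:
    print('REJECTED')
```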

In API Gateway I am using a Mapping Template as described here to pass the request headers through to my Lambda: https://aws.amazon.com/premiumsupport/knowledge-center/custom-headers-api-gateway-lambda/

When the request payload arrives, all fields including the body are already loaded as a Python dict, so I am trying to serialise the body back to a string to check the hash.

Any help?

John Rotenstein
Freefall

1 Answer


This turned out to be the way API Gateway was passing the request payload through to Lambda. Instead of the "Mapping Template" I had to enable the "Use Lambda Proxy integration" feature which passes the original body JSON through as a string.

After enabling this and removing the json.dumps() parts of my code, the hashes validate OK.

Freefall
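An added example, not part of the original posts: a handler for Lambda proxy integration that verifies `X-Spark-Signature` over the raw body string exactly as delivered, which is why a body parsed and re-serialised by a mapping template no longer matches. The secret, helper names and sample event are constructed for illustration; `body`, `headers` and `isBase64Encoded` are the proxy integration event fields.

```python
import base64
import hashlib
import hmac
import json

# Constructed value for the example; load the real secret from a secret store.
SECRET = b"constructed-example-secret"

def raw_body(event):
    """Return the exact bytes the sender signed, from a proxy integration event."""
    body = event.get("body") or ""
    if event.get("isBase64Encoded"):
        return base64.b64decode(body)
    return body.encode("utf-8")

def signature_header(event):
    """Header names can arrive in any case, so match case-insensitively."""
    for name, value in (event.get("headers") or {}).items():
        if name.lower() == "x-spark-signature":
            return value.strip().lower()
    return None

def is_authentic(event, secret=SECRET):
    received = signature_header(event)
    if not received:
        return False  # fail closed when the header is missing or empty
    expected = hmac.new(secret, raw_body(event), hashlib.sha1).hexdigest()
    # Constant-time comparison; bytes operands accept any header content.
    return hmac.compare_digest(expected.encode(), received.encode("utf-8"))

def lambda_handler(event, context):
    if not is_authentic(event):
        return {"statusCode": 401, "body": "invalid signature"}
    payload = json.loads(raw_body(event))  # parse only after verification
    return {"statusCode": 200, "body": json.dumps({"resource": payload.get("resource")})}

def constructed_event(body_text, secret=SECRET):
    """Build a sample event signed the way the sender would sign it."""
    sig = hmac.new(secret, body_text.encode("utf-8"), hashlib.sha1).hexdigest()
    return {"headers": {"x-spark-signature": sig}, "body": body_text,
            "isBase64Encoded": False}

if __name__ == "__main__":
    sent = '{"id":"abc",  "resource":"messages"}'  # constructed payload
    event = constructed_event(sent)
    print("raw body:", is_authentic(event))
    # Parsing and re-dumping changes whitespace, so the HMAC no longer matches.
    reserialised = dict(event, body=json.dumps(json.loads(sent)))
    print("re-serialised body:", is_authentic(reserialised))
```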