Payload validation

Validating payloads from Starmind

When your secret token is set, Starmind uses it to create a hash signature with each payload.

This hash signature is passed along with each request in the headers as X-Starmind-Signature.

The following Scala snippet shows one possible function for validating the payload against the provided signature.

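import java.nio.charset.StandardCharsets.UTF_8
import java.security.MessageDigest
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec

def validate(signature: String, secret: String, payload: String): Boolean = {
    val hashAlgorithm = "HmacSHA1"
    // The secret token is the HMAC key
    val keySpec = new SecretKeySpec(secret.getBytes(UTF_8), hashAlgorithm)
    val mac = Mac.getInstance(hashAlgorithm)
    mac.init(keySpec)

    val expected = s"sha1=${mac.doFinal(payload.getBytes(UTF_8)).map("%02X" format _).mkString}"
    // Constant-time comparison, so the check does not leak how many characters matched
    MessageDigest.isEqual(signature.getBytes(UTF_8), expected.getBytes(UTF_8))
}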

Obviously, your language implementation may differ from this code. There’s one important thing to point out, however:

No matter which implementation you use, the hash signature starts with sha1= and is computed as an HMAC, using your secret token as the key and the payload body as the message.
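As an added example (not Starmind's own code), the same check in Python, run against the raw request bytes and rejecting a missing or malformed X-Starmind-Signature header before comparing in constant time. The names verify_signature, sign and demo, the secret and the payload are constructed for illustration; accepting either hex case is an assumption, since the snippet above formats the digest in uppercase.

```python
import hashlib
import hmac
import json
import string

PREFIX = "sha1="                            # prefix stated on this page
HEX_LEN = hashlib.sha1().digest_size * 2    # 40 hex characters


def sign(secret: bytes, raw_body: bytes) -> str:
    """Build a header value formatted like the Scala snippet (uppercase hex)."""
    return PREFIX + hmac.new(secret, raw_body, hashlib.sha1).hexdigest().upper()


def verify_signature(header_value, secret: bytes, raw_body: bytes) -> bool:
    """True only if header_value is a valid X-Starmind-Signature for raw_body."""
    # Missing header or unexpected scheme: reject before any crypto.
    if not isinstance(header_value, str) or not header_value.startswith(PREFIX):
        return False
    received_hex = header_value[len(PREFIX):]
    # Strict shape check; bytes.fromhex alone would tolerate embedded whitespace.
    if len(received_hex) != HEX_LEN or any(c not in string.hexdigits for c in received_hex):
        return False
    expected = hmac.new(secret, raw_body, hashlib.sha1).digest()
    # Compare decoded bytes in constant time; decoding makes hex case irrelevant.
    return hmac.compare_digest(bytes.fromhex(received_hex), expected)


def demo() -> dict:
    secret = b"constructed-example-secret"          # constructed sample value
    raw_body = b'{"id": 42,  "title": "sample"}'    # constructed payload, as received
    header = sign(secret, raw_body)
    # Parsing and re-encoding changes the bytes, so the signature no longer matches.
    reserialized = json.dumps(json.loads(raw_body)).encode()
    return {
        "valid": verify_signature(header, secret, raw_body),
        "lowercase_hex": verify_signature(header.lower(), secret, raw_body),
        "reserialized_body": verify_signature(header, secret, reserialized),
        "missing_header": verify_signature(None, secret, raw_body),
        "wrong_prefix": verify_signature(header.replace("sha1=", "md5="), secret, raw_body),
        "truncated": verify_signature(header[:-2], secret, raw_body),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:18} accepted={accepted}")
```

Verify the body exactly as it arrived on the wire, before any JSON parsing, and reject the request when the check returns False.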