Access partial header data in webhook for authentication

timbenz · January 24, 2024, 11:16pm

I’m trying to authenticate a webhook request via a shared sha56 secret in the header. The name/value pair is of this form

Name Value
X-MyThing-Sgnature sha256=34fssdkjkjkjkj334334, t=34349898989

Using header authentication in n8n, I"m trying to extract that sha256 value and compare it to a known secret before proceeding with processing the webhook. What is the best way to do this? Is it via a code block after the webook, so I would have no authentication on the webhook itself? Is there another way?

n8n · January 24, 2024, 11:16pm

It looks like your topic is missing some important information. Could you provide the following if applicable.

n8n version:
Database (default: SQLite):
n8n EXECUTIONS_PROCESS setting (default: own, main):
Running n8n via (Docker, npm, n8n cloud, desktop app):
Operating system:

ihortom · January 25, 2024, 3:04am

@timbenz , did I get it right that your header looks something like this?

{
  "headers": {
    "X-MyThing-Signature": "sha256=34fssdkjkjkjkj334334, t=34349898989",
    . . .
  }
}

If so, you can get the signature using RegEx (in Set or Code) as shown in the workflow below.

RedPacketSec · January 25, 2024, 8:24am

yeah code node to do the calculations/auth check, then add a IF node, if good then continue, if fail then stop or throw error etc.

the webhook node doesnt have this functionality in it.

system · April 24, 2024, 8:24am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.