
Alteryx Designer Desktop Discussions

SOLVED

SHA256 Hash Base64 Encoding Not Matching

mnorris
6 - Meteoroid

I'm attempting to connect to a new API endpoint to pull some reports and this endpoint requires a signature that is hashed via SHA256 and Base64 encoded.  I've downloaded the HMAC Encrypt macro from the gallery and I'm running a very simple workflow to verify the output is matching the sample C# script the reporting vendor provides and I'm not able to get them to match up.  I've been banging my head against the wall on this so any direction for experimentation or alternate solutions would be greatly appreciated.  I'm sure I'm doing something wrong in my Alteryx workflow, wondering if the Byte Array in C# is really the same as the string representation.  Also I know the HMAC macro is using the R Tool, wonder if another code base would somehow be different.  Anyhow, details below and workflow attached.

 

Shared Secret (from my test environment)
v5u1qqfqGioWmiQvtiG9+cLYIx5QCG2c9k+IajzauZs=

To Encode:
Matt

C# Base64 Encoded SHA256 Hash:
YafvPashQCWhsGjDUKiNPWPqvTpi/yN91GyPghJXI8k=

Alteryx Base64 Encoded SHA256 Hash:
xXbQAmTEI4c3orTCczJ0CH9+z6Ksr+zvNCLx7soHXS0=

 


KevinP
Alteryx Alumni (Retired)

@mnorris the discrepancy you are encountering is being caused by differences in how you are decoding your base64 encoded shared secret. In your C# code you are decoding the secret to a byte array and then using that array to hash your string text. In your Alteryx workflow you are decoding the secret to binary data and then encoding it as latin-1 text. This text is then used by the HMAC macro to encode your string, which results in very different values. I was able to produce both values you achieved with some relatively minor modifications to the same Python code.

 

Note: The following examples can be pasted directly into the Python tool in Designer.

This Python code replicates your C# code and outputs 'YafvPashQCWhsGjDUKiNPWPqvTpi/yN91GyPghJXI8k=':

from ayx import Alteryx
import pandas as pd
import hashlib
import hmac
import base64

message = bytes('Matt', 'utf-8')
secret = base64.b64decode('v5u1qqfqGioWmiQvtiG9+cLYIx5QCG2c9k+IajzauZs=')

signature = base64.b64encode(hmac.new(secret, message, digestmod=hashlib.sha256).digest()).decode('utf-8')

sigArray=[signature]
output=pd.DataFrame(sigArray, columns = ['signature'])
Alteryx.write(output,1)

 

 

This Python example replicates your Alteryx workflow and outputs 'xXbQAmTEI4c3orTCczJ0CH9+z6Ksr+zvNCLx7soHXS0=':

from ayx import Alteryx
import pandas as pd
import hashlib
import hmac
import base64

message = bytes('Matt', 'utf-8')
tmpSecret = base64.b64decode('v5u1qqfqGioWmiQvtiG9+cLYIx5QCG2c9k+IajzauZs=').decode('latin-1')
secret = bytes(tmpSecret, 'utf-8')

signature = base64.b64encode(hmac.new(secret, message, digestmod=hashlib.sha256).digest()).decode('utf-8')

sigArray=[signature]
output=pd.DataFrame(sigArray, columns = ['signature'])
Alteryx.write(output,1)

 

 

This Python example replicates the behavior of the HMAC macro:

from ayx import Alteryx
import pandas as pd
import hashlib
import hmac
import base64

message = bytes('Matt', 'utf-8')
secret = bytes('Shared secret as unicode text', 'utf-8')

signature = base64.b64encode(hmac.new(secret, message, digestmod=hashlib.sha256).digest()).decode('utf-8')

sigArray=[signature]
output=pd.DataFrame(sigArray, columns = ['signature'])
Alteryx.write(output,1)

 

 

The problem with using the HMAC macro or this final Python code example is that we don't know the initial text value of the shared secret, or how it was encoded to achieve the base64 value. Because of this, we aren't able to decode it back to its original text value in order to get the correct hash. As such, unless you know this original value, your best option is probably to use the Python example above that replicates your C# code as a basis for creating the token you need. This, of course, assumes that the C# code has been tested and produces a valid result that allows you to connect to your API.
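The key interpretations discussed in the answer above can be compared side by side to find which one a vendor's sample signature was produced with. This is an added example, not part of the original post or the vendor's code; the function names `key_candidates`, `sign` and `diagnose` are assumptions, and it runs as plain Python outside the Alteryx Python tool.

```python
import base64
import hashlib
import hmac


def key_candidates(secret_b64):
    """Return the byte string each interpretation of the secret feeds to HMAC."""
    raw = base64.b64decode(secret_b64)
    return {
        # What the C# sample does: the decoded byte array is the key.
        "base64-decoded bytes": raw,
        # What the workflow did: decoded bytes read as latin-1 text, then
        # re-encoded as UTF-8, so every byte >= 0x80 becomes two bytes.
        "latin-1 text re-encoded as UTF-8": raw.decode("latin-1").encode("utf-8"),
        # A text-keyed HMAC given the base64 string itself as the secret.
        "base64 string used as literal text": secret_b64.encode("utf-8"),
    }


def sign(key, message):
    """Base64-encoded HMAC-SHA256 of a UTF-8 message under the given key bytes."""
    mac = hmac.new(key, message.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")


def diagnose(secret_b64, message, expected_sig):
    """Name the key interpretation that reproduces expected_sig, or None."""
    for name, key in key_candidates(secret_b64).items():
        # Constant-time comparison, as a signature check should use.
        if hmac.compare_digest(sign(key, message).encode(), expected_sig.encode()):
            return name
    return None


if __name__ == "__main__":
    # Test-environment secret, message and signatures quoted from the thread.
    SECRET = "v5u1qqfqGioWmiQvtiG9+cLYIx5QCG2c9k+IajzauZs="
    for name, key in key_candidates(SECRET).items():
        print(f"{name}: {len(key)} key bytes -> {sign(key, 'Matt')}")
    for sig in ("YafvPashQCWhsGjDUKiNPWPqvTpi/yN91GyPghJXI8k=",
                "xXbQAmTEI4c3orTCczJ0CH9+z6Ksr+zvNCLx7soHXS0="):
        print(sig, "->", diagnose(SECRET, "Matt", sig))
```

The printed key lengths make the cause visible: the decoded secret is 32 bytes, while the latin-1/UTF-8 round trip yields a longer, different key.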

DavidP
17 - Castor

@KevinP

Would you have an example workflow you can attach? Does the Python tool feed a Download tool or do you use the Python tool to connect to the API?
