In order to properly configure your webhooks, you must be familiar with the method Ingram Micro uses to support signature tokens. This is the Ingram Micro webhooks secret key method:

 

  1. Ingram Micro creates a signature token by use of a secret key + Event ID. This step uses SHA 512 encryption to generate the signature.
  2. Ingram Micro sends the signature token in the HTTP header.
    • For the token , the EventID is used as the client ID.
    • The Developer secret key is a shared secret which is used in encryption.The developer can use SHA 512 to generate a signature token using the shared secret key and the event ID from the payload.
  3. Developer compares the generated token with the one sent in the HTTP header. When there is a match, the webhook is valid.

 

Sample Code to Generate a Signature Token

This example illustrates how to generate a signature token for use with webhooks. Use this example as a model for your configuration:

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

* Encryption class to show how to generate encoded(HMAC-x) signatures.
public class HmacSHA512generator { public static void main(String args[]) { String clientid = args[0]; //Event ID

String secretkey = args[1]; //Shared secret
String algorithm = "HmacSHA512"; // OPTIONS= HmacSHA512, HmacSHA256, HmacSHA1, HmacMD5
String result; try { // 1. Get an algorithm instance.

Mac sha256_hmac = Mac.getInstance(algorithm); // 2. Create secret key.

SecretKeySpec secret_key = new SecretKeySpec(secretkey.getBytes("UTF-8"), algorithm); // 3. Assign secret key algorithm.

sha256_hmac.init(secret_key); // 4. Generate Base64 encoded cipher string.

//String hash = Base64.encode(sha256_hmac.doFinal(message.getBytes("UTF-8"))); byte[] macData = sha256_hmac.doFinal(clientid.getBytes("UTF-8")); // Can either base64 encode or put it right into hex

result = Base64.getEncoder().encodeToString(macData);


// You can use any other encoding format to get hash text in that encoding.

System.out.println(result); 
} catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (UnsupportedEncodingException e) { e.printStackTrace(); } catch (InvalidKeyException e) { e.printStackTrace(); } } }