CryptoAPI / ComputeHash not matched

CryptoAPI / ComputeHash not matched

  

Platform v10, Personal Cloud Environment

Using the ComputeHash (HMAC SHA256) where the message input is the JSON Serialize output to create a hash that is then used to authenticate a request in to a consumed REST method.   The Key used is a simple text key.  I am not getting the same hex hash that I find on a validation site or more importantly in the consumed API of Stitch (for MongoDB).  If I use the hash from the validation site directly in OS REST testing routine, it works.  The debugger shows the extra quotes - "{""field"":""name""}" so I computed the hash for that message but it does not match either.  

Not Working...
{"database":"tracking","collection":"jobs","limit":1,"project":"{}","query":"{}"} with Key of ERSTRACKING gives ComputeHash of 9B92A294F5F102BFBCEB98FC342B3AAB937FFBACEDB3227427D96F13B01F1765

The hash calculated by the consumed API and another validation site is 3e89093105b14fdd5b1b4c1cc8cb69e2c1a412fbfccd8a5ccadeb8372f6b7132

Any thoughts any one...

Hi Tony,

In OutSystems, you use the double-quote symbol as the Text delimiter, so in order to represent the actual double-quote literal (") in a string, you repeat it (""), so that's why the debugger shows extra quotes... the actual text value only has a single double-quote literal.

The CryptoAPI's ComputeHash doesn't accept a secret, I'd say you need to use the ComputeMac Action for your scenario...

Apologies, I am using the ComputeMac Action and yes I understand the double quote issue.  

Still, getting a different hash from two other sites.  Any other ideas?

Tony Freeman wrote:

Platform v10, Personal Cloud Environment

Using the ComputeHash (HMAC SHA256) where the message input is the JSON Serialize output to create a hash that is then used to authenticate a request in to a consumed REST method.   The Key used is a simple text key.  I am not getting the same hex hash that I find on a validation site or more importantly in the consumed API of Stitch (for MongoDB).  If I use the hash from the validation site directly in OS REST testing routine, it works.  The debugger shows the extra quotes - "{""field"":""name""}" so I computed the hash for that message but it does not match either.  

Not Working...
{"database":"tracking","collection":"jobs","limit":1,"project":"{}","query":"{}"} with Key of ERSTRACKING gives ComputeHash of 9B92A294F5F102BFBCEB98FC342B3AAB937FFBACEDB3227427D96F13B01F1765

The hash calculated by the consumed API and another validation site is 3e89093105b14fdd5b1b4c1cc8cb69e2c1a412fbfccd8a5ccadeb8372f6b7132

Any thoughts any one...

To clarify, I am using the ComputeMac Action of CryptoAPI.  Following is the output (copied from debugger) of the JSONSerialize  
{""database"":""tracking"",""collection"":""jobs"",""limit"":1,""project"":""{}"",""query"":""{}""}  I have also attached a screen shot of the server action.


This is still an issue...

I have simplified the action to include the Request.RequestText from the API method.  The screen shot shows the text being used by ComputeMac to calculate the Mac_Hex which is also shown.
RequestText:
"{""database"":""tracking"",""collection"":""jobs"",""limit"":10,""querystr"":""""}"

MacHash:
"68C904C4195F115711C7243048F38A65EC55B59FB3CA4972511DDB9AC7ACC068"

This is the actual JSON that is being passed in the message body as found in environment monitoring for the request:
{"database":"tracking","collection":"jobs","limit":10,"querystr":""}

The hash i get from online sources with the JSON above is:
ff97384b13fd5b6b0ec336bcff25e50d0c8ab628f012201a529f7141a820e20a

I am at a loss on how to proceed.