Skip to main content

Event subscriptions example

Signature validation (.NET)

Below is a C# .NET 9 code snippet demonstrating how to generate a signature using an HMAC-SHA256 key for request validation. Refer to the documentation on event authentication for more detailed information about signature validation.

using System.Security.Cryptography;
using System.Text;

var requestUrl = "https://mydomain.com/event/listener/endpoint";
var requestBody = """{"specversion":"1.0","data":{"userId":"6465bacd-5695-46e6-860c-f22b509d8827","tenantId":"demo"},"dataContentType":"application/json","id":"a212c861-0cb1-46ba-ac26-3247709bbc8a","source":"https://api.futureordering.com","time":"2025-05-07T14:54:14.6865307+00:00","type":"com.futureordering.user.logged_in"}""";
var timestamp = "1746629654";
var hmacKey = "mLG8cFYUZwh5b48GCkKUBQ8CJGaT7hI96+MUHikz0MBSC9ckfavGvcgO+tPYQyDnCAGy6gFxVeAITM6H57b2Pg==";
using var signatureHasher = new HMACSHA256(Convert.FromBase64String(hmacKey));

var hashedRequestBody = Convert.ToBase64String(SHA256.HashData(Encoding.UTF8.GetBytes(requestBody)));
var eventSignaturePayload = $"POST\n{requestUrl}\n{timestamp}\n{hashedRequestBody}";

var eventSignature = Convert.ToBase64String(signatureHasher.ComputeHash(Encoding.UTF8.GetBytes(eventSignaturePayload)));

// Event signature in this example is 42qxmXW7eVEe8z1sos78JesoTSMN6kA3KRoE/OOHVi8=
Console.WriteLine("Event signature: {0}", eventSignature);