https://community.blueprism.com/t5/Product-Forum/Generate-Hmac-token-using-secret-key/m-p/100092#M47495 Hi <A class="user-content-mention" data-sign="@" data-contactkey="d666ed23-eedd-4996-bd6b-3bed96e53a93" data-tag-text="@Manish Rawat" href="https://community.blueprism.com/network/profile?UserKey=d666ed23-eedd-4996-bd6b-3bed96e53a93" data-itemmentionkey="398506eb-3a99-486e-a323-5229f43761fc">@Manish Rawat</A>,<BR /><BR />In my experience, if you're trying to create something similar to jwt.io then you're looking at create a JWT (Json Web Token). The best way to do that, is to use an existing library. The one I've used in the past is <A href="https://github.com/jwt-dotnet/jwt" target="_blank" rel="noopener">JWT.Net</A> along with <A href="https://www.bouncycastle.org/csharp/" target="_blank" rel="noopener">BouncyCastle</A>.<BR /><BR />Take a look at <A href="https://community.blueprism.com/question/jws-signature-issue-if-body-contains-special-chracters#1c7f1489-2967-41cf-860f-b1bb8cb1debd" target="_blank" rel="noopener">this</A> thread and you should see some example code I posted towards the end of the thread.<BR /><BR />Cheers,<BR />Eric<BR /><BR />​ Wed, 03 Aug 2022 15:23:02 GMT ewilson 2022-08-03T15:23:02Z https://community.blueprism.com/t5/Product-Forum/Generate-Hmac-token-using-secret-key/m-p/100087#M47490 Hi. I need to create a hmac token using a secret key. I would really appreciate if someone could please provide the code. Many thanks! Fri, 14 Jan 2022 18:17:40 GMT https://community.blueprism.com/t5/Product-Forum/Generate-Hmac-token-using-secret-key/m-p/100087#M47490 KimDougan 2022-01-14T18:17:40Z https://community.blueprism.com/t5/Product-Forum/Generate-Hmac-token-using-secret-key/m-p/100088#M47491 <A class="user-content-mention" data-sign="@" data-contactkey="0c6be217-9ca3-4f6f-a05b-d52e59916bd6" data-tag-text="@Kim Dougan" href="https://community.blueprism.com/network/profile?UserKey=0c6be217-9ca3-4f6f-a05b-d52e59916bd6" data-itemmentionkey="35f28013-c188-4122-8629-947c12740cb4">@Kim Dougan</A>,<BR /><BR />You're going to have to provide a bit more information. You say a "hmac token". Do you mean an "HMAC signature"? Is this something you need to apply to a web request? Do you know what type of HMAC? Are we talking HMAC-256, HMAC-MD5, etc.<BR /><BR />You can find more details about the HMAC capability of .NET <A href="https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.hmac?view=netframework-4.8" target="_blank" rel="noopener">here</A>. Ultimately, this is what would be used within a Code stage or Global Code page to generate your HMAC signature.<BR /><BR />Cheers,<BR />Eric​ Fri, 14 Jan 2022 20:48:29 GMT https://community.blueprism.com/t5/Product-Forum/Generate-Hmac-token-using-secret-key/m-p/100088#M47491 ewilson 2022-01-14T20:48:29Z https://community.blueprism.com/t5/Product-Forum/Generate-Hmac-token-using-secret-key/m-p/100089#M47492 <a href="https://community.blueprism.com/t5/user/viewprofilepage/user-id/833">@ewilson</a><BR /><BR />Thank you​ for replying.<BR /><BR />Yes - it is a HMAC signature using SHA 256. It will be used for an api call between my company and a third party.<BR /><BR />many thanks<BR />Kim Fri, 14 Jan 2022 23:22:48 GMT https://community.blueprism.com/t5/Product-Forum/Generate-Hmac-token-using-secret-key/m-p/100089#M47492 KimDougan 2022-01-14T23:22:48Z https://community.blueprism.com/t5/Product-Forum/Generate-Hmac-token-using-secret-key/m-p/100090#M47493 <A class="user-content-mention" data-sign="@" data-contactkey="0c6be217-9ca3-4f6f-a05b-d52e59916bd6" data-tag-text="@Kim Dougan" href="https://community.blueprism.com/network/profile?UserKey=0c6be217-9ca3-4f6f-a05b-d52e59916bd6" data-itemmentionkey="3a761cbb-7665-4801-8118-dccd68e98997">@Kim Dougan</A>,<BR /><BR />Without knowing the 3rd party platform and it's expectations for the content of the message, the best I can offer are some examples.<BR /><BR />This is probably the most basic example of computing an HMAC256 hash for a signature:<BR /> <PRE class="language-csharp"><CODE>private string GetHMAC(string text, string key) { key = key ?? ""; using (var hmacsha256 = new HMACSHA256(Encoding.UTF8.GetBytes(key))) { var hash = hmacsha256.ComputeHash(Encoding.UTF8.GetBytes(text)); return Convert.ToBase64String(hash); } }​</CODE></PRE> ​<BR />You'll need to add a reference to the assembly <STRONG>mscorlib.dll</STRONG> and the namespace <STRONG>System.Security.Cryptography</STRONG> in your <STRONG>Code Options</STRONG>.<BR /><BR />If you grab a copy of the <A href="https://digitalexchange.blueprism.com/dx/entry/9648/solution/aws-rest-api-utility" target="_blank" rel="noopener">Blue Prism AWS REST Utility</A> VBO from the Digital Exchange, there's a more complex example of how to calculate an HMAC256 signature for requests to AWS services. This is an example where the platform (AWS in this case) has specific expectations regarding the various bits of data that should be included in the signature.<BR /><BR />There are some additional examples on this <A href="https://stackoverflow.com/questions/12185122/calculating-hmacsha256-using-c-sharp-to-match-payment-provider-example" target="_blank" rel="noopener">Stack Overflow</A> thread.<BR /><BR />Cheers,<BR />Eric Sat, 15 Jan 2022 00:11:33 GMT https://community.blueprism.com/t5/Product-Forum/Generate-Hmac-token-using-secret-key/m-p/100090#M47493 ewilson 2022-01-15T00:11:33Z https://community.blueprism.com/t5/Product-Forum/Generate-Hmac-token-using-secret-key/m-p/100091#M47494 Hi <a href="https://community.blueprism.com/t5/user/viewprofilepage/user-id/833">@ewilson</a>,<BR /><BR />I am trying also trying to create the HAMC-256 signature with the below requirement from the <A href="https://jwt.io" target="test_blank">https://jwt.io</A> :<BR /><BR /><span class="lia-inline-image-display-wrapper" image-alt="36386.png"><img src="https://community.blueprism.com/t5/image/serverpage/image-id/36396i53FAF8475BF08B53/image-size/large?v=v2&amp;px=999" role="button" title="36386.png" alt="36386.png" /></span><BR />Please not that the "secret base64 encoded" checkbox is checked.<BR /><BR />Any idea/code like below in how I can achieve that?<BR /><BR />I have the header, payload and encryption key details with me. Wed, 03 Aug 2022 12:43:28 GMT https://community.blueprism.com/t5/Product-Forum/Generate-Hmac-token-using-secret-key/m-p/100091#M47494 ManishRaw 2022-08-03T12:43:28Z https://community.blueprism.com/t5/Product-Forum/Generate-Hmac-token-using-secret-key/m-p/100092#M47495 Hi <A class="user-content-mention" data-sign="@" data-contactkey="d666ed23-eedd-4996-bd6b-3bed96e53a93" data-tag-text="@Manish Rawat" href="https://community.blueprism.com/network/profile?UserKey=d666ed23-eedd-4996-bd6b-3bed96e53a93" data-itemmentionkey="398506eb-3a99-486e-a323-5229f43761fc">@Manish Rawat</A>,<BR /><BR />In my experience, if you're trying to create something similar to jwt.io then you're looking at create a JWT (Json Web Token). The best way to do that, is to use an existing library. The one I've used in the past is <A href="https://github.com/jwt-dotnet/jwt" target="_blank" rel="noopener">JWT.Net</A> along with <A href="https://www.bouncycastle.org/csharp/" target="_blank" rel="noopener">BouncyCastle</A>.<BR /><BR />Take a look at <A href="https://community.blueprism.com/question/jws-signature-issue-if-body-contains-special-chracters#1c7f1489-2967-41cf-860f-b1bb8cb1debd" target="_blank" rel="noopener">this</A> thread and you should see some example code I posted towards the end of the thread.<BR /><BR />Cheers,<BR />Eric<BR /><BR />​ Wed, 03 Aug 2022 15:23:02 GMT https://community.blueprism.com/t5/Product-Forum/Generate-Hmac-token-using-secret-key/m-p/100092#M47495 ewilson 2022-08-03T15:23:02Z