Skip to content
Pinter Computing

Knowledge Base for IT Professionals, Teachers, and Astronauts

Pinter Computing

Knowledge Base for IT Professionals, Teachers, and Astronauts

  • Home
  • Programming
  • DevOps
  • Project Management
  • Software and Hardware
  • Miscellaneous
  • Egyebek
  • About
  • Experience
  • Education
  • Contact
  • Home
  • Programming
  • DevOps
  • Project Management
  • Software and Hardware
  • Miscellaneous
  • Egyebek
  • About
  • Experience
  • Education
  • Contact
Close

Search

Home/Knowledge Base/ERROR HMAC did not pass!!
Knowledge Base

ERROR HMAC did not pass!!

By Laszlo Pinter
March 2, 2022 3 Min Read
0

The DocuSign Connect interface can send REST API requests to your HTTP listener using HMAC ( hash-based message authentication code ) security. This guarantees the integrity of the contents of the message:

  1. You generate a secret key in the DocuSign web UI,
  2. During the webhook call DocuSign generates the SHA-256 hash of the raw body of the message and includes the base-64 encoded value of it in the x-docusign-signature-1 header element,
  3. Your listener application generates the SHA-256 hash of the raw body of the received message using the same secret key, and compares the result with the value of the x-docusign-signature-1 header element.

To set up HMAC security, first you need to generate a key in the DocuSign Connect web UI. The generated key appears only once in a text box where you cannot highlight the value.

It is important to know, that the secret key is a base-64 encoded text ending with an equal sign (=).

Copy

One way to copy the value is to right-click the field and select Copy. This method does NOT copy the ending equal sign, but you can manually add it to the end of the string.

Inspect

Another way is to right-click the field and select Inspect.

On the Elements tab of the Developer tools double click the key value.

Copy the value.

Make sure to include the equal sign at the end.

Calculating the HMAC hash

When your application calculates the HMAC hash, use the raw body of the message without any transformation, and the copied secret key value, do not decode it from the base-64 format.

Troubleshooting

To inspect the contents of the REST API request use free tools available on the Web.

Use webhook.site to receive test messages from DocuSign. Set the unique URL in your DocuSign application and generate an event by signing an envelope.

The webhook.site UI displays the message including the x-docusign-signature-1 header value and the message body.

To copy the raw content of the body click the Copy link

Copy the raw body of the message and your DocuSign secret key into the Online HMAC Generator and generate the HMAC hash.

Set the

  • Key type to TEXT
  • SHA variant to SHA-256
  • Output type to Base-64

Compare the Result with the x-docusign-signature-1 header value.

Author

Laszlo Pinter

Follow Me
Other Articles
Previous

Error: invalid SQS queue name

Next

Use virtual environments with Anaconda

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Search

Last Changes

  • DevOps Engineering part 1. (Mac) - Make your Macintosh easier to use June 25, 2026
  • Japan travel tips June 22, 2026
  • How to stop the rain and snow in Cities: Skylines II June 20, 2026
  • Cities: Skylines II Developer Mode June 20, 2026
  • 'CSII_MANAGEDPATH' has incorrect path(s) when building Cities: Skylines II mod June 20, 2026

Tags

.NET .NETcore 3Dprinting ASP.NET Core AutodeskInventor AWS C# Chef cloud DevOps Docker EntityFramework Games Git Go iOS iPad iPhone iPod Java Kubernetes Linux MacOSX MSSQL MVC Node.js Packer PowerShell Python RDS RightScale Ruby security Splunk TeamCity Terraform TestKitchen Tomcat Ubuntu Vagrant VirtualBox VisualStudio Windows WordPress Xcode

Recent Comments

  • Zengei László on MyHeritage családfa exportálása és küldése emailben
  • Raúl Castillo on DynDns update error
  • MICHAEL on Windows Media Player 12 cannot find the album information
  • Nargis on Configure Epson ET-3850 scanning on Windows 11
  • Venczelné Zemen Erika on Delta S2302 termosztát programozása

–

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org
Copyright 2026 — Pinter Computing. All rights reserved.