EDXHmac

Learn about the EDXHmac Edge Delta OTTL extension function.

  2 minute read  

Minimum Agent Version: v1.22.0

EDXHmac computes Hash-based Message Authentication Code (HMAC) for data integrity and authentication verification. HMAC combines a cryptographic hash function with a secret key to produce a message authentication code. This is commonly used for API request signing, webhook validation, JWT token generation, and ensuring data hasn’t been tampered with during transmission.

Syntax

EDXHmac(value, key, algorithm)
  • value: The string value to compute the HMAC for (can be a field reference or literal string).
  • key: The secret key used for HMAC computation (can be a field reference or literal string).
  • algorithm: The hash algorithm to use. Supported values: "md5", "sha1", "sha224", "sha256", "sha384", "sha512".

Input

{
  "_type": "log",
  "timestamp": 1735789800000,
  "body": "API request payload",
  "resource": {...},
  "attributes": {
    "request_body": "user_id=12345&action=purchase&amount=99.99",
    "webhook_payload": "{\"event\":\"user.signup\",\"user_id\":\"abc123\"}",
    "api_secret": "my-secret-key-2024",
    "jwt_claims": "{\"sub\":\"user123\",\"exp\":1735890000}"
  }
}

Example

set(attributes["request_signature"], EDXHmac(attributes["request_body"], attributes["api_secret"], "sha256"))
set(attributes["webhook_signature"], EDXHmac(attributes["webhook_payload"], "webhook-secret", "sha256"))
set(attributes["jwt_signature"], EDXHmac(attributes["jwt_claims"], EDXEnv("JWT_SECRET"), "sha512"))

Output

{
  "_type": "log",
  "timestamp": 1735789830000,
  "body": "API request payload",
  "resource": {...},
  "attributes": {
    "request_body": "user_id=12345&action=purchase&amount=99.99",
    "webhook_payload": "{\"event\":\"user.signup\",\"user_id\":\"abc123\"}",
    "api_secret": "my-secret-key-2024",
    "jwt_claims": "{\"sub\":\"user123\",\"exp\":1735890000}",
    "request_signature": "8f3e4d5c2a1b9f7e6d5c4b3a2e1d0c9b8a7f6e5d4c3b2a1f0e9d8c7b6a5f4e3d2",
    "webhook_signature": "7a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p7q8r9s0t1u2v3w4x5y6z7a8b9c0d1e2f3",
    "jwt_signature": "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7v8w9x0y1z2"
  }
}

The EDXHmac function has computed HMAC signatures for each input: a request signature using SHA-256 with the API secret, a webhook signature using SHA-256 with a hardcoded secret, and a JWT signature using SHA-512 with a secret from an environment variable.