HMAC signature verification

Phuong Nguyen
New Contributor

Hello everyone,


I am having an issue in verifying the HMAC signature sent from MS Teams outgoing webhook. I can only do the verification using JavaScript. From the doc site, I need to:

  1. Generate the hmac from the request body of the message. There are standard libraries to do this on most platforms. Microsoft Teams uses standard SHA256 HMAC cryptography. You will need to convert the body to a byte array in UTF8.
  2. To compute the hash, provide the byte array of the security token provided by Microsoft Teams when you registered the outgoing webhook.
  3. Convert the hash to a string using UTF8 encoding.
  4. Compare the string value of the generated hash with the value provided in the HTTP request.

The above steps and the C#  example code and I am still having issues trying to generate the HMAC Value. I am using Crypto.js library to calculate it but probably need to do some more conversions before generating the HMAC, below is the code I use:


var hash = CryptoJS.HmacSHA256(CryptoJS.enc.Utf8.parse("Message"), "secret");
var hashInBase64 = CryptoJS.enc.Base64.stringify(hash);


Please help me out if you can, i am new to this HMAC thing and have been hitting a brick wall for so long.

1 Reply

I recommend for developer topics to post to http://stackoverflow.com/questions/tagged/microsoft-teams


Here is an overview where to best Send feedback about the Microsoft Teams developer platform

Related Conversations
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
28 Replies
Early preview of Microsoft Edge group policies
Sean Lyndersay in Discussions on
65 Replies
*Updated 9/3* Syncing in Microsoft Edge Preview Channels
Elliot Kirk in Articles on
201 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
2 Replies