HMAC signature verification

Phuong Nguyen
New Contributor

Hello everyone,


I am having an issue in verifying the HMAC signature sent from MS Teams outgoing webhook. I can only do the verification using JavaScript. From the doc site, I need to:

  1. Generate the hmac from the request body of the message. There are standard libraries to do this on most platforms. Microsoft Teams uses standard SHA256 HMAC cryptography. You will need to convert the body to a byte array in UTF8.
  2. To compute the hash, provide the byte array of the security token provided by Microsoft Teams when you registered the outgoing webhook.
  3. Convert the hash to a string using UTF8 encoding.
  4. Compare the string value of the generated hash with the value provided in the HTTP request.

The above steps and the C#  example code and I am still having issues trying to generate the HMAC Value. I am using Crypto.js library to calculate it but probably need to do some more conversions before generating the HMAC, below is the code I use:


var hash = CryptoJS.HmacSHA256(CryptoJS.enc.Utf8.parse("Message"), "secret");
var hashInBase64 = CryptoJS.enc.Base64.stringify(hash);


Please help me out if you can, i am new to this HMAC thing and have been hitting a brick wall for so long.

1 Reply

I recommend for developer topics to post to http://stackoverflow.com/questions/tagged/microsoft-teams


Here is an overview where to best Send feedback about the Microsoft Teams developer platform

Related Conversations
Two-step verification on a specific team
Deleted in Microsoft Teams on
4 Replies