Advanced Integrated Visibility Validation Process
What is a MAC/HMAC and how is it used in the validation process?
A message authentication code (MAC) provides a way to check the integrity of information transmitted over or stored in an unreliable medium, based on a secret key. Typically, MACs are used between two parties that share a secret key to validate information transmitted between the two parties.
A MAC mechanism that is based on cryptographic hash functions is referred to as HMAC. HMAC can be used with any cryptographic hash function, e.g., SHA256, in combination with a secret shared key. HMAC is specified in RFC 2104. FedEx Advanced Integrated Visibility webhook will use HMAC SHA256.
SHA256( security token + payload) = Base 64 encoded fdx-signature as part of payload Header
Example (of a pseudocode snippet to illustrate an HMAC SHA256 hashing):
- First, initialize MAC using HmacSHA256 algorithm and the security token as the secret key.
- Then, finalize the MAC operation by hex encoding the request payload sent by FedEx.
- This final hash should match with the value of the header fdx-signature in the PUSH sent by FedEx.
Mac mac = Mac.getInstance("HmacSHA256");
mac.init(new SecretKeySpec(secureToken.getBytes(), "HmacSHA256"));
return new String(Base 64 encoded(mac.doFinal(payLoad.getBytes())));
Note: The secret key used is the secure token that you will provide when setting up the Advanced Integrated Visibilityor when testing the Advanced Integrated Visibility URL.
Validation Rules:
- Advanced Integrated Visibility webhook Name should be unique.
- Advanced Integrated Visibility webhook Destination URL must be in Standardized Syntactical format.
- All the required fields for creating a Advanced Integrated Visibility webhook must not be empty.
- At least one available FedEx shipping account number should be associated for creating a Advanced Integrated Visibility webhook .
- For Successful validation:
- When a Advanced Integrated Visibility webhook is created successfully, customer will receive a confirmation message.
Sample Confirmation Message: <<Advanced Integrated Visibility webhook name>> successfully created. Changes may take up to 10 minutes to go into effect.
- When a Advanced Integrated Visibility webhook is created successfully, customer will receive a confirmation message.
- For Unsuccessful/Failed validation:
- If FedEx receives any response other than 200 (OK) or 202 (Accepted), then the validation of the Advanced Integrated Visibility webhook destination URL will be considered as failed.
