payload-verification-invalid-algorithm
Overview
This rule belongs to the apimatic-codegen-validation ruleset and states that:
The algorithm specified in the payload verification configuration isn't supported. Payload verification requires either HMAC-SHA256 or HMAC-SHA512 algorithms to ensure secure message signing and verification. Other algorithms aren't supported by the current implementation.
| Property | Value |
|---|---|
| Enabled | Yes |
| Maximum Severity | Error |
| Message | Invalid algorithm specified for payload verification. Only HMAC-SHA256 and HMAC-SHA512 are supported. |
| Code | APIMATICCODEGEN_V551 |
| Type | Validation |
| Rule System | Semantic |
| Broad Category | Webhooks |
| Products Impacted | Code Generation, Developer Experience Portal |
| Tags | apimatic code generation codegen sdks portal docs validation apimatic payload verification algorithm security HMAC signature |
Suggested Fixes
- Use 'HMAC-SHA256' for SHA-256 based HMAC signing.
- Use 'HMAC-SHA512' for SHA-512 based HMAC signing.
- Check the algorithm string for typos or case sensitivity issues.
- Ensure the algorithm value matches exactly: 'HMAC-SHA256' or 'HMAC-SHA512'.
- Refer to the API specification documentation for supported algorithm values.