Why does HMAC pass in curl but fail in production?

Frameworks often parse JSON before your handler runs, re-serializing with different whitespace or key order. Always verify against the raw request bytes.

What replay window should OpenClaw gateways use?

Start at 300 seconds for chat providers, extend toward 600 seconds when queues or regional failover add latency, and document the value in your security review.

How does clock skew interact with Slack signatures?

Slack prepends a Unix timestamp to the signed payload; if macOS drifts more than a few minutes from NTP, legitimate events fail. Align with timed diagnostics on the host.

OpenClaw inbound webhooks HMAC Slack GitHub macOS 2026

Teams that expose an OpenClaw gateway on macOS to Slack, GitHub, or internal chat bots in 2026 rarely lose sleep over model latency first—they lose it when inbound webhooks return 200 OK while signatures silently fail, or when signatures pass but a replayed payload mutates production HTML twice. This guide explains how to verify HMAC digests on the exact raw request body, how to choose a defensible replay window measured in seconds, how to align timestamp checks with NTP on Apple hosts, and how to pair verification with idempotency keys so vendor retries never double-apply patches. Cross-read webhook-to-Ollama patterns, doctor diagnostics, and clock-skew hardening because all three documents intersect the same failure modes.

You will leave with numeric defaults that survived platform reviews—300 seconds as a first replay tolerance for synchronous chat providers, stretching toward 600 seconds when regional queues add tail latency—and a checklist you can paste into change tickets. Budget roughly $16.9 per day on published MacHTML pricing when you need a dedicated Apple Silicon Mac mini that mirrors production launchd behavior while you rehearse webhook storms without touching your laptop.

Threat model for inbound automation

OpenClaw can mutate repositories, trigger builds, and rewrite static assets when tools are wired aggressively. That power is desirable for HTML/CSS hygiene pipelines, but it means every unauthenticated POST to your gateway is a candidate supply-chain event. Signature verification is necessary but not sufficient: attackers who steal a signing secret can still mint valid digests, which is why secret rotation, least-privilege tool allowlists, and network controls remain mandatory. Assume at least three adversaries: opportunistic scanners posting JSON blobs to public URLs, insiders replaying captured traffic during incident response, and compromised vendor workers retrying the same delivery ID after your database partially committed.

Document which routes accept anonymous browser traffic versus machine-to-machine webhooks. Mixing them on one listener invites accidental CORS relaxation that does nothing for HMAC yet broadens attack surface. Prefer a dedicated subdomain such as hooks.internal.example with mTLS or IP allowlists layered on top of signatures when finance approves the operational cost.

Raw body discipline versus JSON.parse

Most signature algorithms are defined over bytes, not parsed objects. If your Express, Hono, or Fastify middleware calls JSON.parse before verification, you may re-stringify with different whitespace, key ordering, or Unicode normalization—and the recomputed digest will never match X-Hub-Signature-256 even though the logical JSON is identical. The fix is boring: configure the framework to expose a rawBody buffer, verify first, then parse. On macOS gateways behind nginx, confirm you are not unintentionally gzip-decoding twice; the outermost hop that terminates TLS should present the same bytes your application hashes.

When debugging, log the content length and a salted SHA-256 of the raw body—never log the raw secret or full payload if it contains customer HTML. Compare those diagnostics across your laptop, CI, and the rented mini; mismatches here predict signature flaps faster than staring at hex dumps.

GitHub, Slack, and generic HMAC headers

GitHub publishes X-Hub-Signature-256 with a sha256= prefix. Strip the prefix, hex-decode the provided digest, compute HMAC-SHA256 with your webhook secret over the raw body, and compare in constant time. GitHub also sends X-GitHub-Delivery, which is ideal as an idempotency key with a TTL that exceeds GitHub’s retry horizon—commonly 72 hours for aggressive upstreams per internal SRE folklore, though your compliance team may cap hot storage lower.

Slack signs v0:{timestamp}:{body} with HMAC-SHA256 and Base64 encodes the result inside X-Slack-Signature. Slack expects the timestamp to be within a few minutes of their notion of “now,” which couples verification to accurate clocks. Microsoft Teams and other enterprise chat buses use their own schemes; treat vendor documentation as law and centralize verification in one module per provider so OpenClaw tool routes cannot bypass checks by accident.

Generic shared-secret integrations often use X-Signature headers with hex digests. Whitelist allowed algorithms in configuration—do not let callers pick md5 in 2026—and reject unknown schemes with 400 responses that do not leak whether the secret was wrong versus the format was wrong; both leak information, but format errors should be rate-limited separately from cryptographic failures.

Replay window matrix

Even perfect HMAC verification cannot stop an attacker who captures a signed request within the acceptance window and replays it before expiry. Narrow windows reduce risk but increase false negatives when legitimate traffic stalls in queues. The table below is a pragmatic starting point for OpenClaw operators; adjust after measuring your p95 delivery skew.

Source	Suggested first window	Notes
Slack Events API	300 s	Tight coupling to timestamp header; pair with NTP monitoring.
GitHub repository webhooks	600 s	Retries can arrive late during incidents; dedupe on `X-GitHub-Delivery`.
Internal job runner	120 s	Low-latency LAN; shorter window because you control both ends.
Partner SaaS with unknown SLAs	900 s	Requires larger Redis memory for dedupe keys; document cost.

Whatever window you pick, publish it in the same internal page that lists firewall rules so security and platform teams do not silently diverge. When you change nginx timeouts, revisit the window: a 120-second proxy read timeout with a 300-second replay acceptance guarantees frustrated partners even if attackers never show up.

Clock skew and timestamped signatures

Slack’s signing recipe embeds a Unix timestamp in the signed prefix. If your Mac mini drifts even five minutes from reality, legitimate events fail while operators blame OpenClaw upgrades. Run the same timed and offset checks described in the NTP skew article, log absolute offset hourly, and page when drift exceeds 2 seconds for two consecutive samples. That threshold is tighter than generic desktop guidance because webhook authentication is more brittle than human login flows.

When gateways run inside user LaunchAgents, remember that sleep/wake cycles on laptops desynchronize clocks quickly; this is another reason teams rehearse on wall-powered minis that behave like datacenter hosts.

Dedupe tables and Redis TTL math

After signatures pass and timestamps fall inside the replay window, insert the delivery fingerprint into a dedupe store before enqueueing tool work. Use SET key NX EX <ttl> semantics so concurrent workers cannot double-process. Size TTL to the larger of your replay window and vendor retry documentation; if marketing promises 48-hour idempotency to customers, your Redis eviction must match or you will create duplicate HTML deploys that are “correct” cryptographically yet wrong operationally. Align with the numbers in idempotency key guidance when finance requires audit trails.

Track memory: 1 million active keys at roughly 100 bytes each is already 100 MB before fragmentation—acceptable on a Mac mini with 16 GB unified memory if you monitor eviction policies, but not accidental.

nginx, TLS termination, and double decoding

When nginx terminates TLS and forwards plain HTTP to OpenClaw on 127.0.0.1:8787, ensure the body is not transformed: disable unnecessary subfilters on webhook routes, keep client_max_body_size comfortably above your largest JSON payload, and log $request_length spikes separately from application errors. If you terminate gzip at both nginx and Node, you can end up hashing the wrong byte string even though browsers look fine.

Keep health checks on a different path from webhooks so synthetic probes do not share rate limits with legitimate GitHub bursts during large monorepo pushes.

curl probes you can archive

Store signed fixtures in a private git repo—not in public gists—and replay them against staging with curl --data-binary @payload.json so file newlines match what vendors emit. Always send the same Content-Type header the vendor uses; mismatches alter framing bytes. After infrastructure changes, run three waves: valid signature, tampered body with valid signature (should fail), and expired timestamp (should fail with a distinct metric). Tie failures into the same dashboards you use for doctor exits so on-call sees one timeline.

# Example skeleton — replace URL and headers with vendor-accurate values
curl -sS -X POST 'https://hooks.staging.example/openclaw/github' \
  -H 'Content-Type: application/json' \
  -H 'X-GitHub-Delivery: test-delivery-001' \
  -H 'X-Hub-Signature-256: sha256=REPLACE' \
  --data-binary @fixtures/push-main.json

Staging rollout checklist

Freeze the OpenClaw version and capture openclaw doctor output to JSON.
Record baseline p95 webhook latency for 1000 synthetic deliveries.
Enable signature verification in report-only mode for 24 hours, logging would-be rejects.
Flip enforcement, watch error budgets, and keep rollback to report-only one flag away.
Rotate signing secrets using a dual-active window of at least 15 minutes where both secrets verify.
Archive curl fixtures and nginx diffs in the same change ticket for auditors.

FAQ

Should webhooks and human SPA traffic share a port?

Technically yes, practically no—split listeners so firewall rules and rate limits differ.

What HTTP status should bad signatures return?

401 or 403 is conventional; avoid 500 unless your framework cannot classify the error, because vendors exponential-backoff differently per class.

Do I still need CSRF tokens for webhooks?

No—HMAC replaces browser CSRF semantics—but you still need CSRF on any browser session that can trigger overlapping actions.

Apple Silicon Mac mini nodes combine predictable single-thread performance for Node gateways with idle power often cited around 6–12 watts for light always-on loads—quiet enough to leave under a desk while webhook queues drain overnight. macOS matches the environment many OpenClaw operators already scripted with launchd, Keychain prompts, and Safari-based smoke tests, so signatures behave the same in staging and production. MacHTML cloud rentals expose SSH for scripted curl replays and optional VNC when you must click through a vendor-specific privacy prompt, letting you rehearse inbound automation without buying another machine or leaving a laptop awake on hotel Wi-Fi. When the pilot ends, you scale rental days up or down instead of carrying three-year CapEx for hardware that idles between releases.

If your roadmap chains HTML audits to chat-driven approvals, colocate the gateway near the repositories it touches and keep webhook verification boringly deterministic—raw bytes, explicit replay windows, dedupe keys, and doctor-backed health checks. That stack turns OpenClaw from a demo into infrastructure your security team can sign.

Harden OpenClaw webhooks on a cloud Mac mini

Rent Apple Silicon capacity to mirror production launchd timing, replay signed fixtures safely, and validate doctor after every nginx or TLS change—MacHTML plans start near $16.9 per day on published pricing.

Rent a cloud Mac SSH and VNC setup guide