I have set up a webhook in an external system to send data to my Salesforce sandbox.
My sandbox is getting the webhook payload, but it's encrypted.
This is my Apex class:
    @RestResource(urlMapping='/myservice/*')
    global class MyService {
        @HttpPost
        global static responseWrapper doGet() {
            RestRequest req = RestContext.request;
            responseWrapper responseJSON = new responseWrapper();
            System.debug('req: ' + req);
            System.debug('req headers: ' + req.headers);

            String data = '';
            System.debug('data before: ' + data);

            Map<String, Object> body = new Map<String, Object>(); // placeholder for the JSON body of the request
            String jsonBody = req.requestBody.toString(); // the body of the request
            body = (Map<String, Object>) JSON.deserializeUntyped(jsonBody); // deserializes the JSON string into collections of primitive data types

            data = (String) body.get('data');
            System.debug('data after: ' + data);
            System.debug('body: ' + body);

            return responseJSON;
        }

        global class responseWrapper {
            global String data { get; set; }
        }
    }

And this is what the configuration on the webhook site looks like:
As you can see, there is a 'SECRET KEY' on the webhook setup UI, but I don't know how to use it for my use case.
I set up some debug logs and tested the webhook and these are the logs that were generated.
USER_DEBUG|[7]|DEBUG|req: RestRequest:[headers={CipherSuite=TLS_AES_256_GCM_SHA384 TLSv1.3 443, Content-Type=application/json, Host=xxxxxxx--webhook.sandbox.my.salesforce-sites.com, User-Agent=GuzzleHttp/7, Via=HTTP/1.1 sfdcedge, X-B3-ParentSpanId=19d6841f81ad29d2, X-B3-Sampled=0, X-B3-SpanId=c974625bd1ace698, X-B3-TraceId=973f05c281d1bc974358612c47422ff4, X-Edge-Next-Hop=origin, ...}, httpMethod=POST, params={}, remoteAddress=52.200.115.22, requestBody=Blob[351], requestURI=/myservice, resourcePath=/services/apexrest/myservice/] 18:06:27.1 (7856642)
USER_DEBUG|[8]|DEBUG|req headers: {CipherSuite=TLS_AES_256_GCM_SHA384 TLSv1.3 443, Content-Type=application/json, Host=xxxxxx--webhook.sandbox.my.salesforce-sites.com, User-Agent=GuzzleHttp/7, Via=HTTP/1.1 sfdcedge, X-B3-ParentSpanId=19d6841f81ad29d2, X-B3-Sampled=0, X-B3-SpanId=c974625bd1ace698, X-B3-TraceId=973f05c281d1bc974358612c47422ff4, X-Edge-Next-Hop=origin, ...}
USER_DEBUG|[11]|DEBUG|data before:
USER_DEBUG|[19]|DEBUG|data after: eyJpdiI6Ik5xY29hMUxEaWF1c3B0S09oc2E4NkE9PSIsInZhbHVlIjoiQ2U0cTQ4NDJYODV6WkgwbU1kcHI2YjZMT050MjBvaG5jVFNhdVRxWlVnbHVSUzBpSXBQT2FQRCs0VHFSR1lxeS9xNnZYMnNiWGFpMWNtRnNTUEFGVmc9PSIsIm1hYyI6IjczMWFlZjM5MjVlMzY2ZDMzMjU3NTgyYWRhMGRhMmM0YjM1MDA4ZDU5Yjk1ZjI5NjE1NDVjYWI3ZmViNjFiYzQiLCJ0YWciOiIifQ==
USER_DEBUG|[22]|DEBUG|body: {action=updated, data=eyJpdiI6Ik5xY29hMUxEaWF1c3B0S09oc2E4NkE9PSIsInZhbHVlIjoiQ2U0cTQ4NDJYODV6WkgwbU1kcHI2YjZMT050MjBvaG5jVFNhdVRxWlVnbHVSUzBpSXBQT2FQRCs0VHFSR1lxeS9xNnZYMnNiWGFpMWNtRnNTUEFGVmc9PSIsIm1hYyI6IjczMWFlZjM5MjVlMzY2ZDMzMjU3NTgyYWRhMGRhMmM0YjM1MDA4ZDU5Yjk1ZjI5NjE1NDVjYWI3ZmViNjFiYzQiLCJ0YWciOiIifQ==, id=xxx, table=demographics}
So as you can see, the 'body' of the payload is one giant string which I assume needs to be decrypted, but I don't know how. Any help is appreciated.
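
Base64-decoding the 'data' value from the log above gives a JSON object with 'iv', 'value', 'mac' and 'tag' fields, so one way to open it in Apex is to verify the MAC with the secret key and only then decrypt. This is an added example, not part of the original post or the webhook vendor's code, and the class, method and exception names are hypothetical. It assumes 'mac' is a hex HMAC-SHA256 over the concatenated base64 'iv' and 'value' strings, 'value' is AES-256-CBC ciphertext, and the SECRET KEY supplies the 32-byte key; each of these has to be confirmed against the sender's documentation.

```apex
public class WebhookEnvelope {
    public class EnvelopeException extends Exception {}

    // Assumed scheme (not confirmed by the page):
    //   data  = base64(JSON {iv, value, mac, tag})
    //   mac   = hex(HMAC-SHA256(key, iv + value)), computed over the base64 strings
    //   value = base64(AES-256-CBC ciphertext), iv = base64(16-byte IV)
    // 'key' is the raw 32-byte secret; how the UI's SECRET KEY maps to it is an assumption.
    public static String decryptEnvelope(String data, Blob key) {
        Map<String, Object> env = (Map<String, Object>) JSON.deserializeUntyped(
            EncodingUtil.base64Decode(data).toString());
        String iv = (String) env.get('iv');
        String value = (String) env.get('value');
        String mac = (String) env.get('mac');
        if (String.isBlank(iv) || String.isBlank(value) || String.isBlank(mac)) {
            throw new EnvelopeException('Envelope is missing iv, value or mac');
        }

        // Authenticate first: never decrypt a payload whose MAC does not verify.
        String expected = EncodingUtil.convertToHex(
            Crypto.generateMac('hmacSHA256', Blob.valueOf(iv + value), key));
        if (!constantTimeEquals(expected, mac.toLowerCase())) {
            throw new EnvelopeException('MAC mismatch: wrong key or tampered payload');
        }

        // Crypto.decrypt uses CBC mode with PKCS padding and an explicit IV.
        Blob plain = Crypto.decrypt('AES256', key,
            EncodingUtil.base64Decode(iv), EncodingUtil.base64Decode(value));
        return plain.toString();
    }

    // Compare two strings without returning at the first differing character.
    private static Boolean constantTimeEquals(String a, String b) {
        if (a.length() != b.length()) {
            return false;
        }
        Integer diff = 0;
        for (Integer i = 0; i < a.length(); i++) {
            diff |= a.charAt(i) ^ b.charAt(i);
        }
        return diff == 0;
    }
}
```

A MAC mismatch with the right payload usually means the key bytes were derived differently from what the sender uses, for example a base64-encoded key passed in as plain text. Keep the key in protected configuration rather than in the class source.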