# HMAC Security HMAC Security can be used to verify that a message was sent by DocuSign, and that the message contents match what DocuSign sent. In DocuSign, navigate to DocuSign Connect and click on the Aerofiler webhook. Then click "Manage Keys":

Then, click "Add Secret Key":

Copy that key into Aerofiler:

{% hint style="info" %} In both DocuSign and Aerofiler, the key is viewable only one time. When you revisit the page, only several characters of the key will be displayed. {% endhint %} In DocuSign, check the "Include HMAC Signature" option:

Once the key is generated in DocuSign, saved in Aerofiler, and the setting is enabled in DocuSign, it will be used for authentication and integrity verification. If the key is present in DocuSign and not present in Aerofiler, or if the key is present in Aerofiler and not in DocuSign, this is an invalid state. In this scenario, when a document is received from DocuSign, it will not be filed into the repository and an error message will be sent to your account Administrators. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://adminguidesgitbook.aerofiler.com.au/repository/integrations/docusign/hmac-security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.