How to sign Webhooks data

With the Webhook Key that you obtain in the creation process, you can sign the data that you receive to verify that it is send it to you by us.

In the validator, a Hash must be created with the key, saved in the webhook creation process, and then compared with the secret attribute, sent in the request with the following attributes:

t: The “t” attribute represents the timestamp.

s: The “s” attribute represents the secret key (webhook key).

In the controller, must validate the header and use a signature validator to verify the request send it.

var config = {
    method: 'post',
    url: 'http://localhost:3000/webhook',
    headers: {
        'Firstoken-Signature': 't=1673402757,s=07585100a27caa310b30ee0b94b4cddc2311548dcd1d996e33677c8bf3e06371',
        'Content-Type': 'application/json'
    },
    data : data
};

In the validator, a hash must be created with the key, saved in the webhook creation process, and then compared with the secret attribute, sent in the request. If these match, the data is validated and it is certain that the data sent is safe.

Last updated

Was this helpful?