Webhook Validation Use Case

This page describes how to validate the Webhooks that you receive once a webhook is configured in your application. To learn more about what webhooks are and how to subscribe, please refer to the Related Pages section.

Requirements

  • You need to subscribe to the necessary Webhooks in the Backoffice in order to receive them. For more information, please refer to the Webhooks page.
  • You should have received a publicKey from receeve; this is used to validate the signature of the Webhook.

How to Validate the Webhook

  1. Before validating the signature of the Webhook, have ready the publicKey that you received from receeve and the signature that you received in the Webhook payload.
  2. Validate the payloadAsString that you received in the Webhook payload against the payload that you received in the same Webhook payload.
  3. Apply the HMAC-SHA256 algorithm to the payloadAsString using the publicKey as the key.

Example using NodeJS

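const fs = require("fs");
const crypto = require("crypto");

// Public key received from receeve, stored as a PEM file
const publicKey = fs.readFileSync("./publicKey.pem", "utf-8");
// Webhook request body saved to disk; it carries payloadAsString and signature
const webhookRequest = JSON.parse(fs.readFileSync("./webhook.json", "utf-8"));

// Feed the exact string that was signed into the verifier
const verify = crypto.createVerify("SHA256");
verify.write(webhookRequest.payloadAsString);
verify.end();

// The signature is passed as base64; verify() returns true only on a match
if (verify.verify(publicKey, webhookRequest.signature, "base64")) {
  console.log("Yeah 🚀");
} else {
  console.log("No!");
}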
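
The following is an added example, not receeve's own code: a reusable check that makes the same crypto.createVerify call as the sample above, rejects malformed requests instead of throwing, and also compares payload with the signed payloadAsString. It assumes payloadAsString is the JSON serialization of payload; the key pair and event fields are constructed for the demonstration.

```javascript
const crypto = require("crypto");
const { isDeepStrictEqual } = require("util");

// Returns true only when the signature covers payloadAsString AND the payload
// object matches what the signed string parses to. Malformed input yields false.
function validateWebhook(webhookRequest, publicKeyPem) {
  const { payloadAsString, signature, payload } = webhookRequest || {};
  if (typeof payloadAsString !== "string" || typeof signature !== "string") {
    return false;
  }
  let signatureOk;
  try {
    signatureOk = crypto
      .createVerify("SHA256")
      .update(payloadAsString)
      .verify(publicKeyPem, signature, "base64");
  } catch (err) {
    return false; // unusable key or signature: treat as a failed validation
  }
  if (!signatureOk) return false;
  // Only payloadAsString is signed, so the payload object is trusted only
  // if it is exactly what the signed string parses to.
  try {
    return isDeepStrictEqual(JSON.parse(payloadAsString), payload);
  } catch (err) {
    return false;
  }
}

// Constructed sample: a throwaway RSA key pair stands in for the real key (assumption).
function buildSample() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem" },
  });
  const payload = { event: "example.created", amount: 100 }; // constructed fields
  const payloadAsString = JSON.stringify(payload);
  const signature = crypto.createSign("SHA256").update(payloadAsString).sign(privateKey, "base64");
  return { publicKey, request: { payload, payloadAsString, signature } };
}

const sample = buildSample();
const swapped = { ...sample.request, payload: { event: "example.created", amount: 1 } };
console.log("genuine request:", validateWebhook(sample.request, sample.publicKey));
console.log("payload object swapped:", validateWebhook(swapped, sample.publicKey));
```

Process the webhook only when the function returns true, and read the event data from the parsed payloadAsString rather than from an unchecked payload field.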