Overview

Webhooks are not secured by default. To secure your webhook involve the steps below:

  • Generate a webhook key
  • Attach it as a parameter in the webhook URL
  • Verify webhook key on your server.

Example

Generate a random secured webhook key.

function generateHmacKey(secret, payload) {
  return crypto.createHmac("sha256", secret).update(payload).digest("hex");
}
const webhookKey = generateHmacKey(secretKey, "leaning tower of pisa");

Add the key as a query parameter to your webhook URL

const webhookUrl = "https://your-domain.com/webhook?webhookKey=${webhookKey}";

Attach webhook to request payload.

const endpoint = "https://api.jigsawstack.com/v1/ai/transcribe";
const options = {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "x-api-key": "<your-api-key>", // Replace with your actual API key.
  },
  body: JSON.stringify({
    url: "https://rogilvkqloanxtvjfrkm.supabase.co/storage/v1/object/public/demo/Video%201737458382653833217.mp4?t=2024-03-22T09%3A50%3A49.894Z",
    webhook_url: webhookUrl, // Replace with your actual webhook URL.
  }),
};
const result = await fetch(endpoint, options);
const data = await result.json();

Verify webhook key on your server.

app.post("/webhook", (req, res) => {
  const receivedHmac = req.query["webhookKey"];

  // Generate HMAC
  const generatedHmac = generateHmacKey(secretKey, "learning tower of pisa");

  // Verify the HMAC
  if (receivedHmac === generatedHmac) {
    console.log("Webhook verified and processed:", req.body);
    res.status(200).send("Webhook verified and processed");
  } else {
    console.log("Webhook verification failed");
    res.status(401).send("Webhook verification failed");
  }
});

Was this page helpful?

Suggest editsRaise issue