Overview
Webhooks are not secured by default. To secure your webhook involve the steps below:
- Generate a webhook key
- Attach it as a parameter in the webhook URL
- Verify webhook key on your server.
Example
Generate a random secured webhook key.
function generateHmacKey(secret, payload) {
return crypto.createHmac("sha256", secret).update(payload).digest("hex");
}
const webhookKey = generateHmacKey(secretKey, "leaning tower of pisa");
Add the key as a query parameter to your webhook URL
const webhookUrl = "https://your-domain.com/webhook?webhookKey=${webhookKey}";
Attach webhook to request payload.
const endpoint = "https://api.jigsawstack.com/v1/ai/transcribe";
const options = {
method: "POST",
headers: {
"Content-Type": "application/json",
"x-api-key": "<your-api-key>", // Replace with your actual API key.
},
body: JSON.stringify({
url: "https://rogilvkqloanxtvjfrkm.supabase.co/storage/v1/object/public/demo/Video%201737458382653833217.mp4?t=2024-03-22T09%3A50%3A49.894Z",
webhook_url: webhookUrl, // Replace with your actual webhook URL.
}),
};
const result = await fetch(endpoint, options);
const data = await result.json();
Verify webhook key on your server.
app.post("/webhook", (req, res) => {
const receivedHmac = req.query["webhookKey"];
// Generate HMAC
const generatedHmac = generateHmacKey(secretKey, "learning tower of pisa");
// Verify the HMAC
if (receivedHmac === generatedHmac) {
console.log("Webhook verified and processed:", req.body);
res.status(200).send("Webhook verified and processed");
} else {
console.log("Webhook verification failed");
res.status(401).send("Webhook verification failed");
}
});
Responses are generated using AI and may contain mistakes.
