Overview

Webhooks are not secured by default. To secure your webhook involve the steps below:
  • Generate a webhook key
  • Attach it as a parameter in the webhook URL
  • Verify webhook key on your server.

Example

Generate a random secured webhook key. 
function generateHmacKey(secret, payload) {
  return crypto.createHmac("sha256", secret).update(payload).digest("hex");
}
const webhookKey = generateHmacKey(secretKey, "leaning tower of pisa");
Add the key as a query parameter to your webhook URL 
const webhookUrl = "https://your-domain.com/webhook?webhookKey=${webhookKey}";
Attach webhook to request payload. 
const endpoint = "https://api.jigsawstack.com/v1/ai/transcribe";
const options = {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "x-api-key": "<your-api-key>", // Replace with your actual API key.
  },
  body: JSON.stringify({
    url: "https://rogilvkqloanxtvjfrkm.supabase.co/storage/v1/object/public/demo/Video%201737458382653833217.mp4?t=2024-03-22T09%3A50%3A49.894Z",
    webhook_url: webhookUrl, // Replace with your actual webhook URL.
  }),
};
const result = await fetch(endpoint, options);
const data = await result.json();
Verify webhook key on your server. 
app.post("/webhook", (req, res) => {
  const receivedHmac = req.query["webhookKey"];

  // Generate HMAC
  const generatedHmac = generateHmacKey(secretKey, "learning tower of pisa");

  // Verify the HMAC
  if (receivedHmac === generatedHmac) {
    console.log("Webhook verified and processed:", req.body);
    res.status(200).send("Webhook verified and processed");
  } else {
    console.log("Webhook verification failed");
    res.status(401).send("Webhook verification failed");
  }
});