Verifying requests

You can verify that requests are valid and are coming from our platform by checking the sha256 signature of the posted JSON data.

The signature can be found in the x-hook-signature header.

Every webhook has a unique secret key that can be used to generate a hash to compare the signature with.

const hash = crypto.createHmac('sha256', secret)
    .update(req.body) // the raw JSON string
    .digest('hex')

if (req.headers['x-hook-signature'] !== hash) {
 throw new Error('Invalid Request') 
}