Website
Guide & Tutorial
Blog
Book a Demo
Getting Started
Widget
Overview
Installation
Functioning / Customization
SDK
Overview
IOS
Android
Webhooks
Introduction
Webhook Subscribe
Securing Webhook
Webhook Events
REST APIs
Introduction
Authorization
Interrelated
Platform
Chatbot
Analytics
Custom Cards
Knowledge Base
Settings / Configuration
Powered by GitBook

Securing Webhook

Securing Webhook and Signature Hash validation

When a webhook is configured, a unique signature key is generated and given in the webhook response. The value of this header is an HMAC-SHA256. This signature key is used to sign the webhook payloads, which are sent to your endpoint with the signature key name x-acquire-signature.

Your HMAC/Secret Key

When you create a new webhook you have to allocate/add HMAC/Secret Key.

Verify Signature -

All outbound requests keep a hash authenticated header key using the standard SHA256 hash in the header x-acquire-signature. To verify the signature on your server generate a SHA256 hash and compare it with the hash sent in the Acquire header x-acquire-signature. You will need the HMAC/Secret Key that you provided in the webhook creation.

Verify Signature example nodejs code:

validateSignature = (secret, body, signature) => {
    // Create a SHA256 hashed code using the HMAC/Secret key and update the hash with body using utf8
    var signatureComputed = crypto.createHmac('SHA256', secret).update(
        new Buffer(JSON.stringify(body), 'utf8')).digest('hex');
    return (signatureComputed === signature);
};
Webhooks - Previous
Webhook Subscribe
Next - Webhooks
Webhook Events
Last updated 2 months ago