Website
Guide & Tutorial
Blog
Book a Demo
Getting Started
Widget
Overview
Installation
Customization
SDK
Overview
iOS
Android
Webhooks
Introduction
Getting Started
Securing Webhook
Webhook Events
REST APIs
Introduction
Authorization
Conversation
Contact
Company
Phone
Chatbot
Analytics
Custom Cards
Knowledge Base
Settings
Powered by GitBook

Securing Webhook

Securing Webhook and Signature Hash validation

When a webhook is configured, a unique signature key is generated and given in the webhook response. The value of this header is an HMAC-SHA256. This signature key is used to sign the webhook payloads, which are sent to your endpoint with the signature key name x-acquire-signature.

Your HMAC/Secret Key

When you create a new webhook you have to allocate/add HMAC/Secret Key.

Verify Signature -

All outbound requests keep a hash authenticated header key using the standard SHA256 hash in the header x-acquire-signature. To verify the signature on your server generate a SHA256 hash and compare it with the hash sent in the Acquire header x-acquire-signature. You will need the HMAC/Secret Key that you provided in the webhook creation.

Verify Signature example nodejs code:

validateSignature = (secret, body, signature) => {
    // Create a SHA256 hashed code using the HMAC/Secret key and update the hash with body using utf8
    var signatureComputed = crypto.createHmac('SHA256', secret).update(
        new Buffer(JSON.stringify(body), 'utf8')).digest('hex');
    return (signatureComputed === signature);
};
Webhooks - Previous
Getting Started
Next - Webhooks
Webhook Events
Last updated 5 months ago