Webhooks are not secured by default. To secure your webhook involve the steps below:

  1. Generate a webhook key
  2. Attach it as a parameter in the webhook URL
  3. Verify webhook key on your server.

Example.

  1. Generate a random secured webhook key.
function generateHmacKey(secret, payload) {
  return crypto.createHmac("sha256", secret).update(payload).digest("hex");
}
const webhookKey = generateHmacKey(secretKey, "leaning tower of pisa");
  1. Add the key as a query parameter to your webhook URL
const webhookUrl = "https://your-domain.com/webhook?webhookKey=${webhookKey}";
  1. Attach webhook to request payload
const endpoint = "https://api.jigsawstack.com/v1/ai/transcribe";
const options = {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "x-api-key": "<your-api-key>", // Replace with your actual API key.
  },
  body: JSON.stringify({
    url: "https://rogilvkqloanxtvjfrkm.supabase.co/storage/v1/object/public/demo/Video%201737458382653833217.mp4?t=2024-03-22T09%3A50%3A49.894Z",
    webhook_url: webhookUrl, // Replace with your actual webhook URL.
  }),
};
const result = await fetch(endpoint, options);
const data = await result.json();
  1. Verify webhook key on your server.
app.post("/webhook", (req, res) => {
  const receivedHmac = req.query["webhookKey"];

  // Generate HMAC
  const generatedHmac = generateHmacKey(secretKey, "learning tower of pisa");

  // Verify the HMAC
  if (receivedHmac === generatedHmac) {
    console.log("Webhook verified and processed:", req.body);
    res.status(200).send("Webhook verified and processed");
  } else {
    console.log("Webhook verification failed");
    res.status(401).send("Webhook verification failed");
  }
});

Was this page helpful?

Webhook IntroCSS Selectors