How can you be sure we sent the payload to you?
Each webhook request is accompanied by 4 header values you can use to verify the authenticity of the request.
Name | Description |
---|---|
X-AUTHVIA-SIGNATURE | The hashed signature using the shared secret. |
X-AUTHVIA-VALUE | The value hashed to generate the signature. |
X-AUTHVIA-TIMESTAMP | EPOCH in seconds for when the signature was created. |
X-AUTHVIA-ALGORITHM | The algorithm used to generate the signature. Always SHA-256. |
This algorithm will look familiar if you have already created a token using the Signature Logic. The VALUE is the basis for the hashing algorithm, but it's combined with its length and the timestamp.
So to check if the request is valid, use the signature that applies to the Subscription and create a SHA-256 hash on `{X-AUTHVIA-VALUE}.{X-AUTHVIA-VALUE.length}.{X-AUTHVIA-TIMESTAMP}`.
To create your own secret, you can pass `secret` as an attribute when creating a Subscription. Alternatively, one is generated for you at the Account level, though you will have to contact us to get this secret value.
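
A receiver-side sketch of the check described above, added here as an example and not Authvia's own code. It assumes the shared secret keys an HMAC-SHA256 over the dotted string and that the signature header is hex-encoded (confirm both against the Signature Logic documentation); the 300-second freshness window, the function names and the sample values are also assumptions.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 300  # assumption: the page does not state a freshness window


def expected_signature(secret, value, timestamp):
    # Page's format: {X-AUTHVIA-VALUE}.{X-AUTHVIA-VALUE.length}.{X-AUTHVIA-TIMESTAMP}
    # Assumption: length is the character count of the value.
    message = f"{value}.{len(value)}.{timestamp}"
    # Assumption: the secret keys an HMAC-SHA256 and the digest is hex-encoded.
    return hmac.new(secret.encode(), message.encode(), hashlib.sha256).hexdigest()


def verify_webhook(headers, secret, now=None):
    h = {name.upper(): val for name, val in headers.items()}  # names are case-insensitive
    try:
        signature = h["X-AUTHVIA-SIGNATURE"]
        value = h["X-AUTHVIA-VALUE"]
        timestamp = h["X-AUTHVIA-TIMESTAMP"]
        algorithm = h["X-AUTHVIA-ALGORITHM"]
        created = int(timestamp)
    except (KeyError, ValueError):
        return False  # missing header or non-numeric timestamp
    if algorithm.upper().replace("-", "") != "SHA256":
        return False  # the page says this is always SHA-256
    now = time.time() if now is None else now
    if abs(now - created) > MAX_SKEW_SECONDS:
        return False  # stale or future-dated: limits replay of a captured request
    expected = expected_signature(secret, value, timestamp)
    # Constant-time comparison so timing does not leak how many characters matched.
    return hmac.compare_digest(expected.encode(), signature.strip().lower().encode())


# Constructed sample request (not real Authvia data).
SECRET = "constructed-subscription-secret"
SAMPLE = {
    "X-AUTHVIA-VALUE": "constructed-value-0001",
    "X-AUTHVIA-TIMESTAMP": "1700000000",
    "X-AUTHVIA-ALGORITHM": "SHA-256",
}
SAMPLE["X-AUTHVIA-SIGNATURE"] = expected_signature(
    SECRET, SAMPLE["X-AUTHVIA-VALUE"], SAMPLE["X-AUTHVIA-TIMESTAMP"]
)

if __name__ == "__main__":
    print(verify_webhook(SAMPLE, SECRET, now=1700000030))  # fresh and untampered
    print(verify_webhook(SAMPLE, SECRET, now=1700009999))  # replayed after the window
```

Reject the request (for example with a 401) whenever `verify_webhook` returns `False`, and load the secret from your secret store rather than from source code.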