Kaedim
Search
K

Web Hooks

Creating a webhook endpoint is the same thing as creating any other page on your website. It’s an HTTP or HTTPS endpoint on your server with a URL. Please ensure that your endpoint is HTTPS when setting it up.
Set up an HTTP endpoint on your server that can accept webhook requests with a POST method. For example, this UR route in Flask maps to a Python webhook function:How do I receive webhook data?
  1. 1.
    Authenticate a user (Authentication Flow)
  2. 2.
    Make sure your webhook URL is correct
🎉 That’s it!

Webhook Signing

Kaedim will, in all requests made to your webhook, include a header kaedim-signature, which will contain a hash value unique to the request and developer ID.
The signature secret - KAEDIM SECRET - can be found in user settings next to your developer ID and API-key and can be reset at any time.
Make sure to use utf-8 encoding for the payload, and to use HEX digest for the hashing function
Example of signature verification:
Please note that the following code is Node.js
const secret = "Api-Secret";
const payload = JSON.stringify(response.body);
console.log(response.body.result);
const devID = response.body.results.devID;
const signature = JSON.parse(response.headers["kaedim-signature"]);
/* {
  t : 1235678,
  v1:80e62bdd6bddf54905d3cd6e13940626e16aedd....
}*/
const checkSignature = crypto
.createHmac("sha256", secret)
.update(`${signature.t}${payload}`)
.digest("hex");
if (
crypto.timingSafeEqual(
Buffer.from(signature.v1),
Buffer.from(checkSignature)
)
) {
// Authenticity confirmed
console.log("SUCCESS");
} else {
// Reject response
console.log("FAIL");
}