Creating a webhook endpoint is the same as creating any other page on your website. It’s an HTTP or HTTPS endpoint on your server with a URL. Please ensure that your endpoint is HTTPS when setting it up.

Set up an HTTP endpoint on your server that can accept webhook requests with a POST method. For example, this UR route in Flask maps to a Python webhook function: How do I receive webhook data?

1. Authenticate a user (Authentication Flow)

2. Make sure your webhook URL is correct

🎉 That’s it!

Webhook Signing

Kaedim will, in all requests made to your webhook, include a header kaedim-signature, which will contain a hash value unique to the request and developer ID.

The signature secret - KAEDIM SECRET - can be found in user settings next to your developer ID and API-key and can be reset at any time.

Make sure to use utf-8 encoding for the payload, and to use HEX digest for the hashing function

const secret = "Api-Secret"; 
const payload = JSON.stringify(response.body);
console.log(response.body.result);
const devID = response.body.results.devID;
const signature = JSON.parse(response.headers["kaedim-signature"]);
/* {
  t : 1235678,
  v1:80e62bdd6bddf54905d3cd6e13940626e16aedd....
}*/
const checkSignature = crypto
  .createHmac("sha256", secret)
  .update(`${signature.t}${payload}`)
  .digest("hex");

if (
    crypto.timingSafeEqual(
      Buffer.from(signature.v1),
      Buffer.from(checkSignature)
    )
  ) {
    // Authenticity confirmed
    console.log("SUCCESS");
  } else {
    // Reject response
    console.log("FAIL");
  }