ย
Creating a webhook endpoint is the same thing as creating any other page on your website. Itโs an HTTP or HTTPS endpoint on your server with a URL. Please ensure that your endpoint is HTTPS when setting it up.
Set up an HTTP endpoint on your server that can accept webhook requests with a POST method. For example, this UR route in Flask maps to a Python webhook function:
How do I receive webhook data?
- Authenticate a user (Authentication Flow)
- Make sure your webhook URL is correct
๐ย Thatโs it!
Webhook Signing
Kaedim will, in all requests made to your webhook, include a header kaedim-signature, which will contain a hash value unique to the request and developer ID.
The signature secret - KAEDIM SECRET - can be found in user settings next to your developer ID and API-key and can be reset at any time.
Make sure to use utf-8 encoding for the payload, and to use HEX digest for the hashing function
ย
Example of signature verification:
Please note that the following code is Node.js
const secret = "Api-Secret"; const payload = JSON.stringify(response.body); console.log(response.body.result); const devID = response.body.results.devID; const signature = JSON.parse(response.headers["kaedim-signature"]); /* { ย t : 1235678, ย v1:80e62bdd6bddf54905d3cd6e13940626e16aedd.... }*/ const checkSignature = crypto .createHmac("sha256", secret) .update(`${signature.t}${payload}`) .digest("hex"); if ( crypto.timingSafeEqual( Buffer.from(signature.v1), Buffer.from(checkSignature) ) ) { // Authenticity confirmed console.log("SUCCESS"); } else { // Reject response console.log("FAIL"); }
ย
ย
ย