website logo
⌘K
Email Verification API
API Overview
Authentication
Rate Limits
Response Headers
Response Codes
Reference
Code Examples
Data Privacy API
Data Privacy API Overview
Reference
Code Examples
Webhooks
Webhooks Overview
Retries and Errors
Managing Webhooks
Verifying Webhooks
Event Triggers
Docs powered by archbee 
1min

Verifying Webhooks

To validate a webhook came from mailfloss we suggest verifying the webhook payloads with the x-request-signature header (which we pass with every webhook that has a webhook secret). If you did not add a webhook secret then this header is not included in the payload. You can add or modify the webhook secret at anytime inside of the mailfloss app by editing the corresponding webhook.



The x-request-signature header is a SHA1 HMAC hexdigest computed with the webhook secret and the raw body of the request.



An example in javascript with a webhook secret of "my little pony" is posted below.

JS
|
if (headers['x-request-signature']) {
    const crypto = require('crypto');
    const text = JSON.stringify(request.body);
    const key = "my little pony";
    const hash = crypto.createHmac('sha1', key)
        .update(text)
        .digest('hex');
    
    if (hash === headers['x-request-signature']) {
        console.log('match');
    } else {
        console.log('no match');
    }
}




Updated 03 Mar 2023
Did this page help you?
Yes
No
UP NEXT
Event Triggers
Docs powered by archbee