Api Key Mechanism
The system sends WebHook payloads to third-party providers, whose endpoints are publicly available. The Api Key mechanism lets you verify that incoming requests are not fabricated.
When our system calls any endpoint, it includes the X-Api-Key request header.
The header contains a randomly generated string, which should always be the same for every registered WebHook.
Your endpoint should reject all incoming requests that contain an incorrect Api Key header!
Below is an example of a cURL request similar to the one the system sends:
curl -XPOST 'https://example.com/webhook_endpoint' \
-H 'X-Api-Key: {{WEBHOOK_API_KEY}}' \
-H "Content-type: application/json" \
-d '{"example":true}'
Verifying Api Key
To verify an Api Key you will need:
- The Api Key generated for a WebHook, available from the organization panel (coming soon). We strongly recommend storing the generated Api Key on the server-side (e.g. in the environment variables).
- The X-Api-Key header value

Verify that the X-Api-Key header value equals the generated one.
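
One way a receiving endpoint could implement this check, as an added example that is not part of the original documentation: a minimal Python WSGI receiver that reads the key from an environment variable and compares it in constant time. The variable name WEBHOOK_API_KEY, the function names, the status codes and the sample request are assumptions made for illustration.

```python
import hmac
import io
import os

# Assumption: the receiver keeps the generated key in this environment variable.
API_KEY_ENV = "WEBHOOK_API_KEY"


def api_key_matches(received, expected):
    """Constant-time comparison; fails closed on a missing header or empty key."""
    if not received or not expected:
        return False
    # Compare bytes so non-ASCII header values do not raise TypeError.
    return hmac.compare_digest(received.encode("utf-8"), expected.encode("utf-8"))


def webhook_app(environ, start_response):
    """Minimal WSGI receiver: reject before the body is read or parsed."""
    expected = os.environ.get(API_KEY_ENV, "")
    # WSGI exposes the X-Api-Key request header as HTTP_X_API_KEY.
    received = environ.get("HTTP_X_API_KEY", "")
    if environ.get("REQUEST_METHOD") != "POST":
        status, body = "405 Method Not Allowed", b"method not allowed"
    elif not api_key_matches(received, expected):
        status, body = "401 Unauthorized", b"invalid api key"
    else:
        length = int(environ.get("CONTENT_LENGTH") or 0)
        payload = environ["wsgi.input"].read(length)  # process the payload here
        status, body = "200 OK", b"ok"
    start_response(status, [("Content-Type", "text/plain"),
                            ("Content-Length", str(len(body)))])
    return [body]


def simulate(header_value, configured_key):
    """Drive webhook_app with a constructed request; returns the status line."""
    os.environ[API_KEY_ENV] = configured_key
    environ = {"REQUEST_METHOD": "POST", "CONTENT_LENGTH": "16",
               "wsgi.input": io.BytesIO(b'{"example":true}')}
    if header_value is not None:
        environ["HTTP_X_API_KEY"] = header_value
    seen = []
    webhook_app(environ, lambda status, headers: seen.append(status))
    return seen[0]


if __name__ == "__main__":
    from wsgiref.simple_server import make_server
    make_server("127.0.0.1", 8000, webhook_app).serve_forever()
```

An unset or empty configured key rejects every request, so a deployment that forgot to set the variable does not silently accept unauthenticated payloads.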