When you subscribe to WebHooks from ShoppinPal we recommend you validate the integrity of the requests.
- ShoppinPal will share an environment specific(staging, production, etc) key.
- While doing the event request delivery, the request will contain a
x-shoppinpal-hmac-sha256header. This will be very specific to each request.
- Partners can compare the HMAC digest(base64) to validate the integrity of the request in order to use the data posted to the API.
|WebHook Request Header||Value|
|Unique UUID for a unique request.|
|Use this to validate the integrity of a request.|
Below is an example on how would you validate a request depending on the
x-shoppinpal-hmac-sha256 header in NodeJS using
const crypto = require('crypto'); const hmac = crypto.createHmac('sha256', secret).update(JSON.stringify(request.body)).digest('base64');
Updated 12 months ago