HMAC Validation
When you subscribe to WebHooks from ShoppinPal we recommend you validate the integrity of the requests.
- ShoppinPal will share an environment specific(staging, production, etc) key.
- While doing the event request delivery, the request will contain a
x-shoppinpal-hmac-sha256header. This will be very specific to each request. - Partners can compare the HMAC digest(base64) to validate the integrity of the request in order to use the data posted to the API.
| WebHook Request Header | Value |
|---|---|
x-webhook-request-id | Unique UUID for a unique request. |
x-shoppinpal-hmac-sha256 | Use this to validate the integrity of a request. |
Below is an example on how would you validate a request depending on the x-shoppinpal-hmac-sha256 header in NodeJS using crypto.
const crypto = require('crypto');
const hmac = crypto.createHmac('sha256', secret).update(JSON.stringify(request.body)).digest('base64');
Updated 12 months ago