Terra

How do I use Signing Secret for API initialization?

ResonantJunglefowl9 months ago

Where can I find the signing secret needed for setting up the api. Also help me setup the signing secret please.

terra

Elliottadmin9 months ago

Hey,

To use signing secrets for webhook verification:

  1. First find your webhook secret on Dashboard > Connections > Webhook and copy the signing secret
  2. In your webhook endpoint, verify the signature we send in the payload header like so:
SECRET = "<Your-Webhook-Secret>".encode("utf-8")

@app.route("/consumeTerraWebhook", methods=["POST"])
def webhook():
  body = request.get_data().decode('utf-8')
  signature_header = request.headers["terra-signature"]
  
    t, signature = (pair.split("=")[-1] for pair in signature_header.split(","))
  
	computed_signature = hmac.new(
    	SECRET, msg=f"{t}.{body}".encode("utf-8"), digestmod=hashlib.sha256
	).hexdigest() 

	if signature != computed_signature:
  		return flask.Response(status=401)

	return flask.Response(status=200)

Ensure that you use the raw body provided to the request payload

Cookie Preferences

Essential CookiesAlways On
Advertisement Cookies
Analytics Cookies

Crunch Time: Embrace the Cookie Monster Within!

We use cookies to enhance your browsing experience and analyse our traffic. By clicking “Accept All”, you consent to our use of cookies according to our Cookie Policy. You can change your mind any time by visiting out cookie policy.