Q: How do I use Signing Secret for API initialization?
ResonantJunglefowl2 months ago
Where can I find the signing secret needed for setting up the api. Also help me setup the signing secret please.
Elliottadmin2 months ago
Hey,
To use signing secrets for webhook verification:
- First find your webhook secret on Dashboard > Connections > Webhook and copy the signing secret
- In your webhook endpoint, verify the signature we send in the payload header like so:
SECRET = "<Your-Webhook-Secret>".encode("utf-8") @app.route("/consumeTerraWebhook", methods=["POST"]) def webhook(): body = request.get_data().decode('utf-8') signature_header = request.headers["terra-signature"] t, signature = (pair.split("=")[-1] for pair in signature_header.split(",")) computed_signature = hmac.new( SECRET, msg=f"{t}.{body}".encode("utf-8"), digestmod=hashlib.sha256 ).hexdigest() if signature != computed_signature: return flask.Response(status=401) return flask.Response(status=200)
Ensure that you use the raw body provided to the request payload