Q: How do I use Signing Secret for API initialization?

ResonantJunglefowl1 month ago

Where can I find the signing secret needed for setting up the api. Also help me setup the signing secret please.

terra

Elliottadmin1 month ago

Hey,

To use signing secrets for webhook verification:

  1. First find your webhook secret on Dashboard > Connections > Webhook and copy the signing secret
  2. In your webhook endpoint, verify the signature we send in the payload header like so:
SECRET = "<Your-Webhook-Secret>".encode("utf-8") @app.route("/consumeTerraWebhook", methods=["POST"]) def webhook(): body = request.get_data().decode('utf-8') signature_header = request.headers["terra-signature"] t, signature = (pair.split("=")[-1] for pair in signature_header.split(",")) computed_signature = hmac.new( SECRET, msg=f"{t}.{body}".encode("utf-8"), digestmod=hashlib.sha256 ).hexdigest() if signature != computed_signature: return flask.Response(status=401) return flask.Response(status=200)

Ensure that you use the raw body provided to the request payload