🕸️Webhook Signatures

Swapped Commerce Webhook Validation

Once you've generated your Webhook private key, you can use that with the webhook payload to generate a signature.

In the webhook requests we send you, we include x-swapped-signature in the header.

Confirm the signature you generate matches the x-swapped-signature header value we send.

To get the signature

Compute an HMAC with a SHA-256 hash function. Use your secret API key as the key and use the request body as the message. Compare this to the signature sent in the request header.

Example with NodeJS

import crypto from 'crypto';

const secretKey = 'sk_test_key'; // Replace with your secret key
const requestBody = '{ "order_id": "1fcc45a2-4def-4953-1bd8-9ff75d9aaa9c"}'
const signature =
  crypto
    .createHmac('sha256', secretKey)
    .update(requestBody)
    .digest('base64');

PreviousPrivate API Access NextWebhooks

Last updated 1 month ago

hashtagSwapped Commerce Webhook Validation

hashtagTo get the signature

hashtagExample with NodeJS

Swapped Commerce Webhook Validation

To get the signature

Example with NodeJS