🕸️Webhook Signatures

Swapped Commerce Webhook Validation

Once you've generated your Webhook private key, you can use that with the webhook payload to generate a signature.

In the webhook requests we send you, we include x-swapped-signature in the header.

Confirm the signature you generate matches the x-swapped-signature header value we send.

To get the signature

Compute an HMAC with a SHA-256 hash function. Use your secret API key as the key and use the request body as the message. Compare this to the signature sent in the request header.

Example with NodeJS

import crypto from 'crypto';

const secretKey = 'sk_test_key'; // Replace with your secret key
const requestBody = '{ "order_id": "1fcc45a2-4def-4953-1bd8-9ff75d9aaa9c"}'
const signature =
  crypto
    .createHmac('sha256', secretKey)
    .update(requestBody)
    .digest('base64');

PreviousPrivate API Access NextOrder Webhooks

Last updated 8 days ago