Verify

Get Started

Verify

Learn how to verify the authenticity of LiveSession webhook requests.

Quickstart

Before you proceed with responding to a webhook, it's crucial to ensure that the webhook originated from LiveSession. This verification can be accomplished by calculating a digital signature.

Every webhook request incorporates a base64-encoded HMAC-SHA256 signature included in LiveSession-Signature header. This header is created using the webhook's secret in conjunction with the data transmitted in the request.

To compute the HMAC digest, follow below written algorithm:

import crypto from 'crypto';

// Your webhook secret key
const secretKey = 'your_secret_key_here';

// Received data from the webhook payload
const receivedData = 'received_data_here';

// Received base64-encoded HMAC signature from the webhook headers
const receivedSignatureBase64 = 'received_signature_here'; // Replace with actual received signature

// Function to compute HMAC-SHA256 signature and return base64-encoded result
function computeHmacSha256Base64(data, secretKey) {
    const hmac = crypto.createHmac('sha256', secretKey);
    hmac.update(data);

    return hmac.digest('base64');
}

// Calculate the base64-encoded HMAC-SHA256 signature for the received data
const calculatedSignatureBase64 = computeHmacSha256Base64(receivedData, secretKey);

// Compare the received signature with the calculated signature
if (receivedSignatureBase64 === calculatedSignatureBase64) {
    console.log('Webhook signature is valid. Request is authentic.');
} else {
    console.log('Webhook signature is invalid. Request might be tampered.');
}

Edit page

Delivery session.event

Built with

Show your support! Star us on GitHub ⭐️

Star