With this method, you only allow certain IP addresses to access your webhook URL while blocking out others. Dojah will only send webhooks from these IP addresses:135.119.89.106
Events sent from Dojah carry the x-dojah-signature header. The value of this header is a HMAC SHA256 signature of the event payload signed using your secret key. Verifying the header signature should be done before processing the event:
var crypto = require('crypto');var secret = process.env.SECRET_KEY;// Using Expressapp.post("/webhookurl", function(req, res) { //validate event const hash = crypto.createHmac('sha256', secret).update(JSON.stringify(req.body)).digest('hex'); if (hash == req.headers['x-dojah-signature']) { // Retrieve the request's body const event = req.body; // Do something with event } res.send(200);});
Events sent from Dojah carry the x-dojah-signature-v2 header. The value of this header is a HMAC SHA256 signature of your secret key. Verifying the header signature should be done before processing the event:
var crypto = require('crypto');var secret = process.env.SECRET_KEY;const encoder = new TextEncoder();// Using Expressapp.post("/webhookurl", async function(req, res) { //validate event const data = encoder.encode(secret); const hashBuffer = await crypto.subtle.digest('SHA-256', data); const hashArray = Array.from(new Uint8Array(hashBuffer)); const hash = hashArray.map(b => b.toString(16).padStart(2, '0')).join(''); if (hash == req.headers['x-dojah-signature-v2']) { // i.e the hash generated matches with the header signature } res.send(200);});
