Basquet uses Webhooks to communicate updates on incoming transactions initiated with the API, and kick off additional workflows based on these events.

We send a POST request to your webhook URL to notify you, you will have to verify it is coming from Basqet. We send an HMAC SHA512 encrypted payload in the header as basqetSignature encrypted with your secret key.

Confirm this is from Basqet by encrypting the payload we sent to you with HMAC SHA512 with your secret key

This is valid if it matches what we sent to you basqetSignature

var crypto = require('crypto');
var secret = process.env.SECRET_KEY;

// Using Express"/api/v1/test", function(req, res) {
    // Retrieve the request's body
    const payload = req.body;

    var hash = crypto.createHmac('sha512', secret).update(JSON.stringify(payload)).digest('hex');
    if (hash == req.headers['basqetSignature']) {
        // Do something with payload
    // return success

Did this page help you?