Introduction
Basquet uses Webhooks to communicate updates on incoming transactions initiated with the API, and kick off additional workflows based on these events.
We send a POST request to your webhook URL to notify you, you will have to verify it is coming from Basqet. We send an HMAC SHA512
encrypted payload in the header as basqetSignature
encrypted with your secret key
.
Confirm this is from Basqet by encrypting the payload we sent to you with HMAC SHA512
with your secret key
This is valid if it matches what we sent to you basqetSignature
var crypto = require('crypto');
var secret = process.env.SECRET_KEY;
// Using Express
app.post("/api/v1/test", function(req, res) {
// Retrieve the request's body
const payload = req.body;
var hash = crypto.createHmac('sha512', secret).update(JSON.stringify(payload)).digest('hex');
if (hash == req.headers['basqetSignature']) {
// Do something with payload
console.log(payload)
}
// return success
res.send(200);
});
Updated over 2 years ago