Signature Verification
To ensure the integrity and authenticity of the data transmitted through our webhooks, we include a signature header in every request. This header allows you to verify that the request was genuinely sent by us and that the data has not been altered during transmission.
Signature Header
Each webhook sent by us will include a header called Hype-Hash. The value of this header is an HMAC-SHA256 signature generated from the combination of the request URL and the request body.
How the Signature is Generated
The signature is created using the following function:
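```typescript
import * as crypto from 'crypto';

export function createHmacSha256(secret: string, url: string, data: any): string {
  // The signed message is the request URL followed by the JSON-serialized body.
  const message = url + JSON.stringify(data);
  // HMAC-SHA256 keyed with the client's API key.
  const hmac = crypto.createHmac('sha256', secret);
  hmac.update(message);
  // Hex-encoded digest, as sent in the Hype-Hash header.
  return hmac.digest('hex');
}
```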
Function Explanation
The function accepts three parameters:
- secret: The client's current API key, which serves as the secret key.
- url: The webhook request URL.
- data: The body of the webhook request.
The URL and request body (converted into a JSON string) are concatenated to form the message.
This message is signed using HMAC-SHA256 with the client's API key.
The resulting signature is returned as a hexadecimal string.
How to Verify the Signature
To verify the signature received in a webhook:
- Extract the value of the Hype-Hash header from the received request.
- Using your current API key (acting as the secret key) and the createHmacSha256 function, generate your own signature based on the URL and body of the received request.
- Compare the signature you generated with the value of the Hype-Hash header. If they match, the request is authentic and has not been altered during transmission.
Note: Any party possessing your API key can generate or verify signatures, so never share or expose it publicly.
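The verification steps above as an added TypeScript example (not the provider's own code): it recomputes the signature as described and compares it with crypto.timingSafeEqual instead of ===, so the comparison time does not reveal how many characters matched. The helper name verifyHypeHash and the sample key, URL and body are assumptions constructed for illustration.

```typescript
import * as crypto from 'crypto';

// Same construction the page describes: HMAC-SHA256 over url + JSON.stringify(body).
function createHmacSha256(secret: string, url: string, data: unknown): string {
  return crypto.createHmac('sha256', secret).update(url + JSON.stringify(data)).digest('hex');
}

// Hypothetical helper (not part of the provider's API): true only for a valid Hype-Hash.
function verifyHypeHash(secret: string, url: string, rawBody: string, header?: string): boolean {
  // A missing header, or anything other than 64 hex characters, can never be valid.
  if (typeof header !== 'string' || !/^[0-9a-fA-F]{64}$/.test(header)) return false;

  let body: unknown;
  try {
    // Assumption: the body on the wire is the JSON.stringify output of the signed
    // data, so parsing and re-serializing reproduces the signed message.
    body = JSON.parse(rawBody);
  } catch {
    return false; // unparseable body: reject instead of throwing
  }

  const expected = Buffer.from(createHmacSha256(secret, url, body), 'hex');
  const received = Buffer.from(header, 'hex');
  // Both buffers are 32 bytes at this point, so timingSafeEqual cannot throw.
  return crypto.timingSafeEqual(expected, received);
}

// Constructed sample values (not real credentials, endpoints or payloads).
const SAMPLE_SECRET = 'example-api-key';
const SAMPLE_URL = 'https://merchant.example/webhooks/hype';
const SAMPLE_RAW_BODY = '{"event":"payment.completed","amount":1500}';
const SAMPLE_HEADER = createHmacSha256(SAMPLE_SECRET, SAMPLE_URL, JSON.parse(SAMPLE_RAW_BODY));

// Genuine request, then the same request with a modified amount.
console.log(verifyHypeHash(SAMPLE_SECRET, SAMPLE_URL, SAMPLE_RAW_BODY, SAMPLE_HEADER));
console.log(verifyHypeHash(SAMPLE_SECRET, SAMPLE_URL,
  '{"event":"payment.completed","amount":9999}', SAMPLE_HEADER));
```

The url argument has to be the exact URL that was signed; if your service sits behind a proxy that rewrites the host or path, reconstruct the original URL before verifying.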
Example of Received Headers:
```
{
  'Content-Type': 'application/json',
  'Accept-Encoding': 'application/json',
  'Hype-Hash': '35d334e534211b109e2563c8bd4c945ce1055c9fbc0a6dc01efa7d2338df4e0e'
}
```