VerifyMe API
Search…
About Webhooks
πŸš€

What are they?

Webhooks are events we send to your pre-set endpoints via HTTP POST requests. They serve as a means of notification for when verification(s) has been completed.
​

Which Verifications require webhooks?

At the moment the following verifications require webhooks to be set:
  • Address Verification
  • Guarantor Verification
​

How do I add my webhook?

Webhooks can be added from your VerifyMe account dashboard
​

Webhook Signature

Webhook signatures are a means for you to verify if a webhook originated from our servers. All webhooks events have the x-verifyme-signature HTTP header which is a hash of the body of the request and your secret key.

Sample Code

NodeJs
Go
C#
1
const crypto = require('crypto')
2
​
3
// your api secretkey ( testSecretKey or liveSecretKey)
4
const secretKey= process.env.SECRET_KEY
5
​
6
const WebhookHandler = (req , res ) =>{
7
const signature = crypto.createHmac('sha512', secretKey).update(JSON.stringify(res.body)).digest('hex');
8
if(signature === req.headers['x-verifyme-signatue']){
9
// Source of the webhook is verified , Add logic here
10
}
11
}
Copied!
1
import (
2
"crypto/hmac"
3
"crypto/sha512"
4
"encoding/hex"
5
"io/ioutil"
6
"net/http"
7
"os"
8
)
9
​
10
// your api secretkey ( testSecretKey or liveSecretKey)
11
var secret = os.Getenv("SECRET_KEY")
12
​
13
func WebhookHandler(w http.ResponseWriter, r *http.Request) {
14
hash := hmac.New(sha512.New, []byte(secret))
15
16
requestBody, _ := ioutil.ReadAll(r.Body)
17
hash.Write(requestBody)
18
sha := hex.EncodeToString(hash.Sum(nil))
19
20
if sha == r.Header.Get("x-verifyme-signature") {
21
// Source of the webhook is verified , Add logic here
22
}
23
}
Copied!
1
using System;
2
using System.Security.Cryptography;
3
using System.Text;
4
using Newtonsoft.Json.Linq;
5
namespace HMacExample
6
{
7
class Program {
8
static void Main(string[] args) {
9
String key = "YOUR_SECRET_KEY"; //replace with your live or test secret key
10
String jsonInput = "YOUR_WEBHOOK_PAYLOAD"; //JSON webhook payload gotten from your request handler
11
String inputString = Convert.ToString(new JValue(jsonInput));
12
String result = "";
13
byte[] secretkeyBytes = Encoding.UTF8.GetBytes(key);
14
byte[] inputBytes = Encoding.UTF8.GetBytes(inputString);
15
using (var hmac = new HMACSHA512(secretkeyBytes))
16
{
17
byte[] hashValue = hmac.ComputeHash(inputBytes);
18
result = BitConverter.ToString(hashValue).Replace("-", string.Empty);;
19
}
20
Console.WriteLine(result);
21
String verifyMeSignature = ""; //put in the request's value for x-verifyme-signature
22
23
if(result.ToLower().Equals(verifyMeSignature)) {
24
// valid request from our servers
25
26
// insert logic here
27
} else {
28
// if it gets to this block it it didnt come from verifyme servers
29
}
30
}
31
}
32
}
33
​
Copied!
Last modified 8mo ago