Securing your webhooks
Make sure that your webhook endpoint receive request from undb.
Set webhook secret envrionment
Set UNDB_WEBHOOK_SECRET
environment varilable to your own secret when deploy undb
Validate Payloads from undb
When your secret token is set, undb uses it to create a hash signature with each payload. This hash signature is included with the headers of each request as x-undb-signature
Typescript example
const secret = process.env.UNDB_WEBHOOK_SECRET
const signature = "undb_" + crypto
.createHmac('sha256', secret)
.update(JSON.stringify(body.timestamp + '.' + JSON.stringify(body)))
.digest('hex')