From 32fe08b382d5e7f5655fbd6cbca521a326684e36 Mon Sep 17 00:00:00 2001 From: Shuchang Zheng Date: Mon, 26 Aug 2024 18:06:58 -0700 Subject: [PATCH] webhook request validation doc update (#739) --- docs/running-tasks/webhooks-faq.mdx | 29 +++++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/docs/running-tasks/webhooks-faq.mdx b/docs/running-tasks/webhooks-faq.mdx index 8f945a60..454f7f4b 100644 --- a/docs/running-tasks/webhooks-faq.mdx +++ b/docs/running-tasks/webhooks-faq.mdx @@ -10,17 +10,34 @@ We use Webhooks for executing tasks as the expected runtime of these jobs can ex ## How do we handle webhook authentication? (ie how can we handle callbacks?) -- a python example for how to generate the signature: + +```python validate_skyvern_request.py +import hmac +from fastapi import Request -```python def validate_skyvern_request_headers(request: Request) -> bool: - header_skyvern_signature = request.headers["x-skyvern-signature"] - payload = request.body() # this is a bytes - hash_obj = hmac.new(SKYVERN_API_KEY.encode("utf-8"), msg=payload, digestmod=hashlib.sha256) + header_skyvern_signature = request.headers["x-skyvern-signature"] + payload = request.body() # this is a bytes + hash_obj = hmac.new(SKYVERN_API_KEY.encode("utf-8"), msg=payload, digestmod=hashlib.sha256) client_generated_signature = hash_obj.hexdigest() - return header_skyvern_signature == client_generated_signature + return header_skyvern_signature == client_generated_signature ``` +```javascript validateSkyvernRequest.js +const crypto = require('crypto'); + +function validateSkyvernRequestHeaders(req) { + const headerSkyvernSignature = req.headers['x-skyvern-signature']; + const payload = req.body; // assuming req.body is a Buffer or string + const hash = crypto.createHmac('sha256', process.env.SKYVERN_API_KEY) + .update(payload) + .digest('hex'); + return headerSkyvernSignature === hash; +} +``` + + + SKYVERN_API_KEY: this is the [api key](/running-tasks/introduction) specific to your organization # Webhook common parameters