SupportStatusDashboard

Enable HMAC webhook digest

put https://api.tatum.io/v3/subscription

2 credits per API call.


Enable HMAC hash ID on the fired webhooks from Tatum API. In order to make sure that a webhook is sent by us, we have the possibility to sign it with the HMAC Sha512 Hex algorithm.
To verify that a webhook is sent by us

  1. Get a webhook x-payload-hash header value and payload as it is as a JSON file.
  2. Convert the HTTP webhook body to stringify JSON without any spaces. In JavaScript, you would do it like this 
    JSON.stringify(req.body)
  3. Perform calculations on your side to create a digest using Secret Key, webhook payload in bytes and HMAC SHA512 algorithm. JavaScript example: 
    require('crypto').createHmac('sha512', hmacSecret).update(JSON.stringify(req.body)).digest('base64')
    .
  4. Compare x-payload-hash header value with calculated digest as a Base64 string.

Language
Authorization
Header
Click Try It! to start a request and see the response here!