Kindly Docs

Go to App
⌘K
▶️Introduction
🔹Getting started with webhooks
🔹Webhooks reference
🔹Message processing
🔹Pattern dialogues
🔹Context memory
🔹Languages
📄Guides and Examples
◽Checking webhook signatures (HMACs)
◽Example: Chatlog webhook
◽Kindly Chat authentication
◽Inbox backup to S3 bucket
◽Add the Spinnaker script tag to your site
◽Set up event tracking with Google Tag Manager (GTM)
⚙️APIs
▪️Application API
▪️Chat API
▪️Chat Log API
▪️Handover API
▪️Nudge API
▪️Statistics API
▪️Ticket webhooks (BETA)
📦Legacy
📝APIs Changelog
🛡️Security
©️License and Disclaimer
Docs powered by archbee 

Checking webhook signatures (HMACs)

When Kindly sends data to external services (e.g. when triggering a webhook to a service owned by you), the payload will be authenticated with a hash-based message authentication code (HMAC).

The key used to create the HMAC is a shared secret, and you verify it by running the algorithm yourself with the payload and the key to re-create the HMAC.

This verifies that the sender of the message knows the secret key.

Secret key

The secret key used in the algorithm depends on which kind of request is being sent, and you can find your keys in the Kindly web interface.

If you suspect that the key might have been compromised, you can revoke it and issue a new key in the web interface.

Algorithm

The HMAC is created with the HMAC_SHA256 algorithm, then encoded in base 64.

The HMAC is attached to the request in the Kindly-HMAC header. You should also read the value of the Kindly-HMAC-algorithm request header and verify that it matches HMAC-SHA-256 (base64 encoded). If it becomes necessary to change the algorithm in the future, this value will change to let you know.

Python
|

Verifying authenticity

Verifying a HMAC-SHA256-value should be quite simple by using a crypto library in your preferred language.

JS/Node example

JS
|

Python example

The hashing algorithm works on bytes, so we make sure to do any necessary conversions from unicode str to bytes.

Python
|
Updated 05 Sep 2022
Did this page help you?
Yes
No
UP NEXT
Example: Chatlog webhook
Docs powered by archbee 
TABLE OF CONTENTS
Secret key
Algorithm
Verifying authenticity
JS/Node example
Python example