🔐
Trust Enterprises
  • Getting Started
  • Intro video course
    • Introduction of the Trust Enterprises project [2:16]
    • Deployment of your first Serverless client [6:29]
    • Using Postman with the Trust Enterprises API [6:33]
    • Installation of the Trust Enterprises Laravel package [7:51]
    • Basic interaction with your client with Laravel. [10:28]
  • Deployment
    • Vercel
    • Environment Variables
    • Github Actions
  • REST API
    • Overview
    • Inscriptions
      • Deploy an Inscription
      • Mint an Inscription
      • Burn an Inscription
      • Transfer an Inscription
    • NFT Ecosystem
      • Create an NFT Collection
      • Generate Metadata
      • Mint an NFT
      • Transfer an NFT
      • Claiming NFTs through Passes
    • Accounts
    • Tokens
      • Create a token
      • Bequesting a token
      • Token Holdings and Balance
    • Topics
      • Get topic info
      • Creating a new topic
      • Updating a topic
    • Consensus Messages
    • Balance
    • Status
    • Webhooks
  • The Laravel Client
    • Overview
    • Installation
    • Interacting with your client
    • Create a Marketplace
    • Manage your Inscription Flow
    • Checking account balances and sending tokens
  • Contributing
    • Local Development
      • Architecture Rationale
    • Contributing Guidelines
    • Changelog
  • Links
    • Github
    • Trust Enterprises
    • Postman Documentation
    • Hedera Network Status
    • Remote Software Development
Powered by GitBook
On this page
  • Using webhooks in the deployment
  • Proving the source of messages
  • Example Webhook implementation

Was this helpful?

  1. REST API

Webhooks

Using webhooks provides a mechanism to be sent consensus responses from your client without having to wait for consensus. Currently in development.

Using webhooks in the deployment

In your Vercel deployment set WEBHOOK_URL to the POST route that you wish to send all messages and redeploy your API.

Make sure that your POST route **responds with the status code of 200.**

Proving the source of messages

The concern of webhooks combined with trust is proving that the message came from the correct source.

In the request there will be a header including an x-signature this will be a HMAC hash of the body and the API_SECRET_KEY using the SHA256 algorithm.

To trust the source of the message you'll need to match the signature by creating a hash of the body and API_SECRET_KEY in your server and comparing.

Without verifying the signature at this step you cannot be sure that the message you received is valid. Otherwise anyone that knew your webhook route could fake a consensus response.

Example Webhook implementation

We provide an example webhook implementation that you can copy for your needs, this is found in the postman documentation and the implemented handler is on github for inspiration.

The route of the webhook for the project is /api/webhook.

To conform your webhook to our standards and testing mechanism the behaviour is as follows.

  • The webhook will only respond to a POST request

  • The webhook requires a x-signature in its header, this is a HMAC SHA256 signature.

  • The webhook is a valid signature of the entire payload body.

If the incorrect HTTP method is used to request the webhook the status code will be 405 (Method Not Allowed).

If the x-signature cannot be verified with the payload a status code 400 (Bad Request) will be returned.

PreviousStatusNextOverview

Last updated 4 years ago

Was this helpful?