0ne Record Docs
  • GENERAL OVERVIEW
    • Introduction
    • Before getting started
    • Changelog
    • Status
  • About the API
    • Environments
    • Versionning
      • Breaking change
    • Conditions & Limit
    • Pagination
    • Date Handling
    • Identifier
    • Filtering and Sorting
    • Groups
    • Troubleshooting
  • Security
    • Authentication
    • Authorization
  • REST API
    • Container
      • Get all container
      • Get a container by id
      • Create a container
      • Update a container
      • Delete a container
    • Container Type
      • Get all container type
      • Get a container type by type
      • Create a container type
      • Update a container type
      • Delete a container type
    • Country
    • Place
    • Shipment
      • Get all shipment
      • Get shipment by id
      • Create a shipment
      • Update a shipment
      • Delete a shipment
    • Shipment Anomaly
      • Get all shipment anomaly
      • Get a shipment anomaly by id
      • Create a shipment anomaly
      • Update a shipment anomaly
      • Delete a shipment anomaly
    • Shipment Anomaly Category
      • Get all shipment anomaly category
      • Get a shipment anomaly category by name
      • Create a shipment anomaly category
      • Delete a shipment anomaly category
    • Shipment Anomaly Type
      • Get all shipment anomaly type
      • Get a shipment anomaly type by code
      • Create a shipment anomaly type
      • Update a shipment anomaly type
      • Delete a shipment anomaly type
    • Shipment Customs
      • Get all shipment customs
      • Get shipment customs by id
      • Create a shipment customs
      • Update a shipment customs
      • Delete a shipment customs
    • Shipment Customs Type
      • Get all shipment customs type
      • Get shipment customs type by name
    • Shipment Detail
      • Get all shipment detail
      • Get shipment detail by id
    • Shipment Document
      • Get all shipment document
      • Get shipment document by id
      • Create a shipment document
      • Delete a shipment document
    • Shipment Event
      • Get all shipment events
      • Get shipment event by id
      • Create a shipment event
      • Update a shipment event
      • Delete a shipment event
    • Shipment Event Type
      • Get all shipment event type
      • Get shipment event type by name
    • Shipment Operator
      • Get all shipment operator
      • Get shipment operator by id
      • Create a shipment operator
      • Update a shipment operator
      • Delete a shipment operator
    • Shipment Preparation
      • Get all shipment preparation
      • Get shipment preparation by id
      • Create a shipment preparation
      • Update a shipment preparation
      • Delete a shipment preparation
    • Shipment Security
      • Get all shipment security
      • Get shipment security
      • Create a shipment security
      • Update a shipment security
      • Delete a shipment security
    • Shipment Security Type
      • Get all shipment security type
      • Get shipment security type by code
    • Shipment Service
      • Get all shipment service
      • Get shipment service by id
      • Create a shipment service
      • Update a shipment service
      • Delete a shipment service
    • Shipment Service Type
      • Get all shipment service type
      • Get shipment service type by id
      • Create a shipment service type
      • Update shipment service type
      • Delete a shipment service type
    • Society Subscription
      • Get all society subscription
      • Get a society subscription by id
      • Create a society subscription
      • Update a society subscription
      • Delete a society subscription
  • Notification
    • Webhook
      • Request
      • Restriction & Limitation
      • Supported Authentication Methods
      • Payload signature
    • SocketIO
      • Environments
      • Authentication
      • Authorization
      • Namespaces
        • Shipment Notification Namespace
      • Handling Errors
    • Example payload
      • Shipment payload
      • Shipment event payload
      • Shipment operator
Powered by GitBook
On this page
  • What is HMAC
  • How HMAC Payload Signature Works
  • Example
  1. Notification
  2. Webhook

Payload signature

PreviousSupported Authentication MethodsNextSocketIO

Last updated 7 months ago

Signatures will always be digested using hexadecimal.

In addition to the supported authentication methods, One Record provides an extra layer of security by enabling HMAC payload signature verification.

This ensures that the integrity of the webhook payload is maintained during transmission and that the request truly originates from One Record, protecting against man-in-the-middle attacks and unauthorized webhook requests.

What is HMAC

HMAC (Hash-based Message Authentication Code) is a method that combines a shared secret key with the webhook payload to create a cryptographic hash.

The receiving endpoint can use this hash to verify the authenticity and integrity of the request.

How HMAC Payload Signature Works

When a webhook is configured, One Record generates and provides the client with a unique secret key. This key is used to verify that incoming requests are both authentic and unaltered during transmission. For each webhook event, the payload is hashed using the HMAC process with the secret key and the SHA-256 algorithm.

The resulting HMAC signature is included in the request header as X-Signature. Upon receiving the webhook, the client re-computes the HMAC hash of the payload using the same secret key provided by One Record. The computed hash is then compared with the X-Signature value from the request headers. If both signatures match, the request is valid.

Example 

POST /your-webhook-endpoint HTTP/1.1
Host: example.com
Content-Type: application/json
X-Signature: 5ce362a3cc67b1145be1d69c300a45f6004c07901b883f393bf5c30d5586886a

The X-Signature contains the HMAC hash of the payload, which is calculated using the secret key and the SHA-256 algorithm

You can find examples using .

other languages here
LogoHMACWikipedia