With this method, you allow only certain IP addresses to access your webhook URL and block all others. Dojah will only send webhooks from these IP addresses:
Events sent from Dojah carry the x-dojah-signature header. The value of this header is an HMAC SHA256 signature of the event payload, signed using your secret key. Verify the header signature before processing the event:
Javascript
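```javascript
var crypto = require('crypto');
var express = require('express');

var secret = process.env.SECRET_KEY;

// Using Express
var app = express();
app.use(express.json()); // parse the JSON payload into req.body

app.post("/webhookurl", function(req, res) {
  // Validate event: recompute the HMAC SHA256 of the payload with your secret key
  const hash = crypto.createHmac('sha256', secret).update(JSON.stringify(req.body)).digest('hex');
  const expected = Buffer.from(hash, 'utf8');
  const received = Buffer.from(String(req.headers['x-dojah-signature'] || ''), 'utf8');
  // Constant-time comparison; timingSafeEqual throws on unequal lengths, so check the length first
  if (expected.length === received.length && crypto.timingSafeEqual(expected, received)) {
    // Retrieve the request's body
    const event = req.body;
    // Do something with event
  }
  res.sendStatus(200);
});
```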
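The two checks described on this page, combined into one testable function. This is an added example, not Dojah's code: `checkWebhook`, `normalizeIp`, `sign`, the allowlist addresses, the secret and the sample event are all hypothetical or constructed, and the real allowlist must come from the IP addresses Dojah publishes.

```javascript
const crypto = require('crypto');

// Placeholder allowlist: RFC 5737 documentation addresses, constructed for this
// example. Replace with the IP addresses Dojah lists for webhook delivery.
const ALLOWED_IPS = new Set(['203.0.113.10', '203.0.113.11']);

// Node reports IPv4 peers on dual-stack sockets as "::ffff:a.b.c.d".
function normalizeIp(ip) {
  return String(ip || '').replace(/^::ffff:/i, '');
}

// Hex HMAC SHA256 of the serialized payload, as in the handler above.
function sign(payload, secret) {
  return crypto.createHmac('sha256', secret).update(JSON.stringify(payload)).digest('hex');
}

// Constant-time comparison of the header value with the expected signature.
function signatureMatches(payload, header, secret) {
  if (typeof header !== 'string') return false; // header absent
  const expected = Buffer.from(sign(payload, secret), 'utf8');
  const received = Buffer.from(header, 'utf8');
  // timingSafeEqual throws on unequal lengths, so check the length first.
  return expected.length === received.length && crypto.timingSafeEqual(expected, received);
}

// Hypothetical helper: applies both checks and reports which one failed.
// `req` needs only ip, headers and body (the shape Express provides).
function checkWebhook(req, secret, allowedIps = ALLOWED_IPS) {
  if (!allowedIps.has(normalizeIp(req.ip))) return { ok: false, reason: 'ip-not-allowed' };
  if (!signatureMatches(req.body, req.headers['x-dojah-signature'], secret)) {
    return { ok: false, reason: 'bad-signature' };
  }
  return { ok: true, reason: null };
}

// Constructed sample request (secret, event name and fields are made up).
const SAMPLE_SECRET = 'example-secret';
const sampleBody = { event: 'sample.event', data: { id: 1 } };
const sampleReq = {
  ip: '::ffff:203.0.113.10',
  headers: { 'x-dojah-signature': sign(sampleBody, SAMPLE_SECRET) },
  body: sampleBody,
};
console.log(checkWebhook(sampleReq, SAMPLE_SECRET));
```

Behind a reverse proxy, `req.ip` is the proxy's address unless Express's `trust proxy` setting is configured for that proxy.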