Webhook Code Examples

Example Payload
{
   "id":"7d2dde92-885b-4159-8772-0367e4e39b6f",
   "ip":"127.0.0.1",
   "event":"verification.pending",
   "email":"[email protected]",
   "trust_id":28,
   "created_at":"2022-01-28T21:06:44.000000Z",
   "ip_country":"US",
   "user_status":"Active",
   "reference_id":null,
   "last_activity":"2022-01-28 22:46:44",
   "verifications":[
      {
         "id":3,
         "name":"Document \/ ID",
         "status":{
            "value":1,
            "friendly":"Processing"
         },
         "attributes":{
            "workflow":"ID + Selfie"
         }
      },
      {
         "id":1,
         "name":"Email",
         "status":{
            "value":0,
            "friendly":"Assigned"
         }
      }
   ]
}
Example Handling (PHP)
$payload = @file_get_contents('php://input');
$event = null;
$json = json_decode($payload);
​
//first lets validate the request!
$computed_signature = hash_hmac('sha256', file_get_contents("php://input"), $configuredSigningSecret);
$received_signature = $_SERVER['HTTP_SIGNATURE'];
​
if($computed_signature !== $received_signature) {
    http_response_code(500);
    die('Tampered Request');
}
​
foreach($json->verifications as $verification) {
    switch($verification->name) {
        case "Email":
​
        break;
        case "Phone / SMS":
​
        break;
        default:
            echo 'We received a different verification method! - '.$verification->verification;
    }
}
​
http_response_code(200);
Example Signature Verification (PHP)
    public function verifyWebhook(Request $request)
    {
​
        $computed_signature = hash_hmac(
            'sha256', 
            $request->getContent(), 
            config('services.trustswiftly.signature_secret')
        );
​
        $received_signature = $_SERVER['HTTP_SIGNATURE'];
​
        if($computed_signature !== $received_signature) {
            \Log::info('received_signature wrong');
            return response('Tampered Request', 500);
        }
​
        $user = User::find($request->reference_id);
​
        if (! $user) {
            \Log::info('not found user');
            return response('Tampered Request', 500);
        }
​
        $requiredVerifications = [];
        foreach($request->verifications as $verification) {
            $requiredVerifications[$verification['id']] = $verification['status']['value'];
        }
​
        $user->required_verifications = $requiredVerifications;
        $user->save();
​
        return response(200);
    }
​
Example Signature Verification (JS)
var express = require('express');
const crypto = require('crypto')
​
const secret = 'YOUR_TRUST_SIGNATURE';
const sigHeaderName = 'signature'
const sigHashAlg = 'sha256'
​
var app = express();
​
​
app.use(express.json({
    verify: (req, res, buf, encoding) => {
        if (buf && buf.length) {
            req.rawBody = buf;
        }
    },
}))
​
function verifyPostData(req, res, next) {
    if (!req.rawBody) {
        return next('Request body not found')
    }
    const receivedSignature = Buffer.from(req.get(sigHeaderName) || '', 'utf8')
    const hmacObject = crypto.createHmac(sigHashAlg, secret)
    const currentSignature = Buffer.from(hmacObject.update(req.rawBody).digest('hex'), 'utf8')
    if (receivedSignature.length !== currentSignature.length || !crypto.timingSafeEqual(currentSignature, receivedSignature)) {
        return next(`signature didn't match`)
    }
    return next()
}
​
app.post('/', verifyPostData, function(req, res) {
    res.status(200).send('Request body was signed')
})
// catch 404 and forward to error handler
app.use(function(err, req, res, next) {
    if (err) console.error(err)
    res.status(403).send('Request body was not signed or verification failed')
});
​
module.exports = appav
Last modified 1mo ago