Webhook Object Details
Webhook Format
Best key to Query
The _rest
key is the best key to query by, as it matches what you receive from the API.
Webhook URL Response Object
HMAC for Webhooks
Every webhook is signed with HMAC.
HMAC is a protocol that helps you judge the authenticity of the received message. This comes in handy when you want to quickly find out whether the webhook was sent by Synapse or a malicious/notorious party.
The signature is a SHA-1
and SHA-256
HMAC hash of the object_id
+ your client_id
, with the secret key as your client_secret
.
Please note: Python (FullBody) uses the entire body of a webhook to create a signature, which can be used to rebuild a X-Synapse-Signature-SHA256-FullBody
signature.
You will be able to rebuild the signature the following way:
Please note that raw should look like this (with +):
563db3fb86c27307d925871f+e3f19e4bd4022c86e7f2
Not like this (without +):
563db3fb86c27307d925871fe3f19e4bd4022c86e7f2
.
Since the SHA-1
signature is in hex, it should look like this:5bce964c20b0c36313d8f7cffc2ff4772d0c96750
We then take this signature and add it into the header of the request with name X-Synapse-Signature
and X-Synapse-Signature-Sha256
.
Last updated