FAQ for Organization
  • Welcome
  • Onboarding Guide
    • Mandatory settings
      • 1. Integrate your Telecoms
      • 2. Create Company
      • 3. Upload your SIM(s)
      • 4. Create Plan(s)
      • 5. Assign the plan to SIM(s)
    • Optional settings
      • 1. Account Settings
      • 2. User Profile
      • 3. PSP Integration
      • 4. Invoice Integration
      • 5. Create Pools
      • 6. Invite Staff
      • 7. Customize Columns
      • 8. Notifications
      • 9. Communication
  • Menu
    • Roles on the platform
    • SIMs
      • SIM Statuses
      • General Terms
      • Key Features
      • Q&A
    • Satellite
      • Terminal Statuses
      • Upload Terminals
    • Pools
    • Plans
      • Prepaid
      • Subscription
      • PAYGO
    • Companies
    • End Users
    • Automation - Rules
    • Transactions
    • Wallet
    • Webhooks
      • Terms used
      • Endpoint validation
      • Authentication
      • Webhook Payload Models
        • Account Model
        • End User Model
        • Account Address Model
        • Wallet Model
        • Plan Model
        • Pool Model
        • SIM Card Model
        • Status Model
        • User Model
        • Prepaid Refill Model
        • Date Time Model
        • Rule Model
        • Payment Model
        • Credit Card Model
      • Webhook Payload Types
        • Technical Payloads
        • Event Payloads
          • Company Events
          • Company Staff Events
          • End User Events
          • SIM Card Events
          • Payment Payloads
        • Rule Payloads
          • SIM Card Rule Payloads
          • SIM Pools Payloads
          • Wallet Payloads
  • e-SIM Store
    • Upload SIMs
    • eSIM Purchase & Activation
    • eSIM Store Activation
    • Q&A
Powered by GitBook
On this page
  1. Menu
  2. Webhooks

Authentication

To enhance security against potential attacks like spam and DDoS on your endpoint, we recommend implementing authentication for all incoming requests. For this purpose, we include a hash and timestamp in the headers of webhooks. The hash is generated using the SHA256 cryptographic algorithm, following the format:

api_secret:timestamp,

where:

api_secret – is a secret key that you can get by sending us a request for it,

timestamp – is a UNIX timestamp in seconds.

Listing 3.1 – Example of auth hash calculating (pseudocode)

var apiSecret = "96f3fbc76a921307f1c90d42a2203c9d";
var timestamp = 1704067200; // 2024-01-01 00:00:00
var hash = sha256(apiSecret + ":" + timestamp);
// hash = "68361c09cc50993ca6e0486e1f530c1d4e36a8aca9c8d20eb0d3aafbe47d2d5d"

It is recommended to always authenticate all incoming webhooks.

PreviousEndpoint validationNextWebhook Payload Models

Last updated 8 months ago