mycover.ai
  • Home
  • Distributor
  • 🚀Getting Started
    • Quickstart
    • Environments
    • Authentication
    • Testing
    • Errors
    • Go Live Checklist
    • FAQs
  • 🔌Libraries & SDKs
    • Javascript
    • Vue 2
    • Vue 3
    • React
    • Flutter
    • Android
    • React Native
    • iOS
  • 📦api reference
    • Products
      • 🚘Auto
        • Aiico
        • Leadway
        • MyCoverGenius
        • Sovereign Trust
        • Coronation
        • Tangerine
        • Sanlam
      • ♥️Health
        • Hygeia
          • Hyprime Insurance
          • Hybasic Insurance
        • Bastion
          • Bastion Health
          • MediSure
        • Malaria Cover
      • 💞Personal Accident Cover
        • Aiico
        • Leadway
        • Sanlam
      • 🏠Content (Home/Office)
        • Aiico
        • Coronation
        • Sanlam
      • ✈️Travel
        • Allianz
        • Aiico
      • 💵Life Insurance
        • Credit Life
        • SME Flex
        • Flex Life
      • 🚚Goods In Transit
        • Goods In Transit (GIT)
        • Goods In Transit (GIT) On-demand
      • 💻Gadget
        • Sovereign Trust Insurance
        • Coronation
        • Tangerine
      • 🛳️Marine Insurance ✨
        • MyCoverGenius Import Marine Cover
        • Marine Cover
    • Policies
    • Claims
      • Credit Life
    • Wallet
    • Transactions
    • Customers
    • Auxiliary
      • Products
        • Bulk Purchase
  • 🧳Services
    • Webhooks
      • Validation
      • Purchase Webhook
      • Renewal Webhook
    • Messaging
Powered by GitBook
On this page

Was this helpful?

  1. Services
  2. Webhooks

Validation

How To Validate Webhooks

You can effortlessly verify webhooks received from the MyCover.ai platform by following these steps:

Signature Inclusion: Every sent webhook includes a signature in the headers. This signature is the encrypted webhook data using the merchant's (i.e Distributor) private secret API key.

Your secret API Key is located at Settings > Api Key & Web hooks.

It is usually annotated with "MCASECK".

Validation on Merchant's End: Merchants can follow the same encryption steps using their secret API key. Then, they can compare the created signature with the one they received. If the signatures are the same, it's safe to go ahead and use the webhook information. However, if the signatures don't match, they should ignore the webhook and not use the information it carries.

const crypto = require("crypto");

const secretKey = 'MCASECK|49939d32-f649-4de4-ab35-51060ca292f9';

const signature = crypto
  .createHmac("sha512", secretKey)
  .update(JSON.stringify(req.body))
  .digest("hex");

if (req.headers['x-mycoverai-signature'] === signature) {
      const event = req.body;
      // Do something with event - that will not take long
      
      // Return Ok
      res.send(200);
}
import json
import hashlib
import hmac

secret_key = 'MCASECK|49939d32-f649-4de4-ab35-51060ca292f9'

json_payload = json.dumps(req_body, separators=(',', ':'))

secret_key_bytes = secret_key.encode()

hmac_obj = hmac.new(secret_key_bytes, digestmod=hashlib.sha512)

hmac_obj.update(json_payload.encode())

signature = hmac_obj.hexdigest()

if req.headers.get('x-mycoverai-signature') == signature:
    print('Do something with req_body')
    # Return Ok
PreviousWebhooksNextPurchase Webhook

Last updated 1 year ago

Was this helpful?

🧳