Description

Integrating our webhooks allows your system to react instantly to key events — like when a new reward is generated — without the need to constantly poll our API. They are secure by design, as each webhook is signed, so you can confidently verify authenticity.

Security

We send a X-Signature Header which contains the signed payload. It is recommended to compare the signed payload with the X-Signature we provide to make sure the request comes from us.

Client side example

expected_signature = OpenSSL::HMAC.hexdigest("SHA256", webhook_secret, raw_body)

if Rack::Utils.secure_compare(expected_signature, request.headers['X-Signature'])
  # Valid
else
  # Reject
end
More webhooks to be added, if you have any request, let us know.