🛫
XClaim API Partner Docs
  • Introduction
  • Authentication
  • Claim Creation Workflows
    • Appendix
  • First Notice Of Loss (FNOL)
    • Get Claim Selector
    • Get Claim Types
    • Get Fnol
  • Claims
    • Create a new Claim
    • List of all claims
    • Update an existing Claim
    • Get Claim
    • Claim Policy Details
    • List of claims by booking reference
    • List of claims by claim type
    • Claim Files
      • Upload File
      • Upload File for an Existing Claim
      • List of Files by Claim
      • Get File
      • Delete File
  • Webhooks
    • Overview
    • Verifying signatures
    • Claim Webhooks
  • Integrations
    • Cancel For Any Reason (CFAR)
    • Claim Eligibility
      • Get Claim Eligibility Check
Powered by GitBook
On this page
  1. Webhooks

Verifying signatures

This is optional, but highly recommended.

Signatures are created using HMAC and the sha256 hash, and passed in the XClaim-Signature header of the webhook request (ie. when sent to your system).

The signature string found inside the XClaim-Signature header should be:

sha256=<signature>

Suppose that the body of the incoming webhook request is requestBody and the signature key you specified is key, and there exists a function as this:

HMAC_SHA256 ( data, signatureKey )

The <signature> string can be generated using the following simple pseudocode algorithm;

HMAC_SHA256(requestBody, key)

Once you have generated the signature on your end, check that it matches the signature in the webhook received.

PreviousOverviewNextClaim Webhooks

Last updated 2 years ago