diff --git a/millicast/webhooks/index.mdx b/millicast/webhooks/index.mdx index 34bd351b605d..a66857a43ca3 100644 --- a/millicast/webhooks/index.mdx +++ b/millicast/webhooks/index.mdx @@ -117,22 +117,20 @@ The platform will send a `POST` request to the _Webhook url_ specified when the ### How-to verify the webhook -A signature verification header, `X-Millicast-Signature`, is included in the callback request. This SHA1 signature uses the _Webhook secret_ so that you may verify the origin and data integrity. +A signature verification header, `x-millicast-signature`, is included in the callback request. This SHA1 signature uses the _Webhook secret_ so that you may verify the origin and data integrity. Here is a code sample for how to use the signature to check the data. -```Text title="Node.js" +```javascript title="Node.js" const webhookSecretBuffer = Buffer.from(webhookSecret, 'base64'); - const calculatedSignature = 'sha1=' + Crypto.createHmac('sha1', webhookSecretBuffer) - .update(body) - .digest('hex'); - const headerSignature = request.get('X-Millicast-Signature'); - - if (calculatedSignature !== headerSignature) { - console.warn('Invalid signature sent to us, unsafe data'); - res.status(400).send('BAD SIGNATURE'); - return; - } +const calculatedSignature = 'sha1=' + Crypto.createHmac('sha1', webhookSecretBuffer).update(body).digest('hex'); +const headerSignature = request.get('x-millicast-signature'); + +if (calculatedSignature !== headerSignature) { + console.warn('Invalid signature sent to us, unsafe data'); + res.status(400).send('BAD SIGNATURE'); + return; +} ``` ### Webhook schema diff --git a/millicast/webhooks/thumbnail.mdx b/millicast/webhooks/thumbnail.mdx index 2470eac71804..bd5a16e536ea 100644 --- a/millicast/webhooks/thumbnail.mdx +++ b/millicast/webhooks/thumbnail.mdx @@ -62,11 +62,11 @@ The thumbnail webhook is a POST request that will be sent to the webhook URL wit The following HTTP headers are on the request to identify stream details: -- **X-Millicast-Timestamp**: timestamp of the generated thumbnail. -- **X-Millicast-Feed-Id**: OptiView Real-time Streaming feed id. -- **X-Millicast-Stream-Id**: OptiView Real-time Streaming stream id. -- **X-Millicast-Token-Id**: OptiView Real-time Streaming publish token id. -- **X-Millicast-Signature**: SHA1 signature using the hook configured secret (The same signature mechanism used by the other webhooks). +- **x-millicast-timestamp**: timestamp of the generated thumbnail. +- **x-millicast-feed-id**: OptiView Real-time Streaming feed id. +- **x-millicast-stream-id**: OptiView Real-time Streaming stream id. +- **x-millicast-token-id**: OptiView Real-time Streaming publish token id. +- **x-millicast-signature**: SHA1 signature using the hook configured secret (The same signature mechanism used by the other webhooks). ## Troubleshooting