From 5e8595fd6df863591235d528b0d63fd323e77418 Mon Sep 17 00:00:00 2001 From: Fabien Lavocat <4154532+FabienLavocat@users.noreply.github.com> Date: Wed, 1 Jul 2026 12:54:03 -0700 Subject: [PATCH 1/3] Clean up webhook code --- millicast/webhooks/index.mdx | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/millicast/webhooks/index.mdx b/millicast/webhooks/index.mdx index 34bd351b605d..80f43dabbf52 100644 --- a/millicast/webhooks/index.mdx +++ b/millicast/webhooks/index.mdx @@ -117,22 +117,22 @@ The platform will send a `POST` request to the _Webhook url_ specified when the ### How-to verify the webhook -A signature verification header, `X-Millicast-Signature`, is included in the callback request. This SHA1 signature uses the _Webhook secret_ so that you may verify the origin and data integrity. +A signature verification header, `x-millicast-signature`, is included in the callback request. This SHA1 signature uses the _Webhook secret_ so that you may verify the origin and data integrity. Here is a code sample for how to use the signature to check the data. -```Text title="Node.js" +```javascript title="Node.js" const webhookSecretBuffer = Buffer.from(webhookSecret, 'base64'); - const calculatedSignature = 'sha1=' + Crypto.createHmac('sha1', webhookSecretBuffer) - .update(body) - .digest('hex'); - const headerSignature = request.get('X-Millicast-Signature'); - - if (calculatedSignature !== headerSignature) { - console.warn('Invalid signature sent to us, unsafe data'); - res.status(400).send('BAD SIGNATURE'); - return; - } +const calculatedSignature = 'sha1=' + Crypto.createHmac('sha1', webhookSecretBuffer) + .update(body) + .digest('hex'); +const headerSignature = request.get('x-millicast-signature'); + +if (calculatedSignature !== headerSignature) { + console.warn('Invalid signature sent to us, unsafe data'); + res.status(400).send('BAD SIGNATURE'); + return; +} ``` ### Webhook schema From 10fb208b70a1014612c82a9360f7b9d7fa315962 Mon Sep 17 00:00:00 2001 From: Fabien Lavocat <4154532+FabienLavocat@users.noreply.github.com> Date: Wed, 1 Jul 2026 12:59:22 -0700 Subject: [PATCH 2/3] Update thumbnail.mdx --- millicast/webhooks/thumbnail.mdx | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/millicast/webhooks/thumbnail.mdx b/millicast/webhooks/thumbnail.mdx index 2470eac71804..bd5a16e536ea 100644 --- a/millicast/webhooks/thumbnail.mdx +++ b/millicast/webhooks/thumbnail.mdx @@ -62,11 +62,11 @@ The thumbnail webhook is a POST request that will be sent to the webhook URL wit The following HTTP headers are on the request to identify stream details: -- **X-Millicast-Timestamp**: timestamp of the generated thumbnail. -- **X-Millicast-Feed-Id**: OptiView Real-time Streaming feed id. -- **X-Millicast-Stream-Id**: OptiView Real-time Streaming stream id. -- **X-Millicast-Token-Id**: OptiView Real-time Streaming publish token id. -- **X-Millicast-Signature**: SHA1 signature using the hook configured secret (The same signature mechanism used by the other webhooks). +- **x-millicast-timestamp**: timestamp of the generated thumbnail. +- **x-millicast-feed-id**: OptiView Real-time Streaming feed id. +- **x-millicast-stream-id**: OptiView Real-time Streaming stream id. +- **x-millicast-token-id**: OptiView Real-time Streaming publish token id. +- **x-millicast-signature**: SHA1 signature using the hook configured secret (The same signature mechanism used by the other webhooks). ## Troubleshooting From 0cb27e3657be598b3861c0b0edc8731c2e4c5ffc Mon Sep 17 00:00:00 2001 From: Fabien Lavocat <4154532+FabienLavocat@users.noreply.github.com> Date: Wed, 1 Jul 2026 13:32:55 -0700 Subject: [PATCH 3/3] Format Signed-off-by: Fabien Lavocat <4154532+FabienLavocat@users.noreply.github.com> --- millicast/webhooks/index.mdx | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/millicast/webhooks/index.mdx b/millicast/webhooks/index.mdx index 80f43dabbf52..a66857a43ca3 100644 --- a/millicast/webhooks/index.mdx +++ b/millicast/webhooks/index.mdx @@ -123,9 +123,7 @@ Here is a code sample for how to use the signature to check the data. ```javascript title="Node.js" const webhookSecretBuffer = Buffer.from(webhookSecret, 'base64'); -const calculatedSignature = 'sha1=' + Crypto.createHmac('sha1', webhookSecretBuffer) - .update(body) - .digest('hex'); +const calculatedSignature = 'sha1=' + Crypto.createHmac('sha1', webhookSecretBuffer).update(body).digest('hex'); const headerSignature = request.get('x-millicast-signature'); if (calculatedSignature !== headerSignature) {