To enable webhooks, go to the developer dashboard to configure your webhook URLs
The X-Noonlight-Signature header will be on all webhook requests. It is a Base64 encoded HMAC authentication code generated using the SHA-256 hashing algorithm and your webhook secret.
Simple example of verification in Node.js:
import http from 'http'
import express from 'express'
import bodyParser from 'body-parser'
import { createHmac } from 'crypto'
const app = express()
app.server = http.createServer(app)
app.use(bodyParser.json())
app.post('/webhook', (req, res) => {
const webhookSecret = 'somesecret'
const signature = createHmac('sha256', webhookSecret)
.update(JSON.stringify(req.body))
.digest('base64')
if (signature === req.get('X-Noonlight-Signature')) {
return res.sendStatus(200)
}
res.sendStatus(401)
})
app.server.listen(process.env.PORT, () => {
console.log(`Started on port ${app.server.address().port}`)
})
export default app