1

Get your webhook secret

Log in to Doczilla and grab your webhook secret key from the organizations settings page.

2

Get the header

The x-doczilla-signature header is included in each webhook call containing a signature that you can verify.

Doczilla generates signatures using a hash-based message authentication code (HMAC) with SHA-256. To prevent downgrade attacks.

3

Verify the signature with raw body

To verify your webhook simply re-create the signature with your webhook secret and the raw body.

See also Webhook event for the full event payload.

Examples

import Doczilla from '@doczilla/node'
import express from 'express'

const doczilla = new Doczilla('doczilla-...')

// Set your webhook secret here
const webhookSecret = 'whsec-...'

const app = express()

// Match the raw body to content type application/json
app.post(
  '/webhook',
  express.raw({ type: 'application/json' }),
  (request, response) => {
    const signature = request.headers['x-doczilla-signature']

    try {
      const payload = doczilla.webhook.verifyPayload(request.body, signature, webhookSecret)

      // Do something with the generated document
      console.log(payload)

      // Return a response to acknowledge receipt of the event
      response.json({ received: true })

    } catch (err) {
      response.status(400).send('Signature invalid!')
    }
  }
)

app.listen(4242, () => console.log('Running on port 4242'))