Get Webhook Secret
Creem signature is sent in the creem-signature header of the webhook request. The signature is generated using the HMAC-SHA256 algorithm with the webhook secret as the key, and the request payload as the message.
To verify the signature, you need to generate the signature using the same algorithm and compare it with the signature sent in the header. If the two signatures match, the request is authentic.
Yes. To verify the webhook authenticity and to protect our app from deceptive practices, we have implemneted this functionality.
You just have to grab the Webhook Secret from Creem.io dashboard and put it inside Environmental varibales. Rest of the things are already implemented in app code.
Follow below steps:
1- Go to the URL https://www.creem.io/dashboard/developers/webhooks .
2- Open the webhook which we previously created.
3- Here you can see the Reveal Secret button. Just click on it. It will reveals the current webhook secret.
Later we will use this secret value inside Environmental varibales in later docs section .