Webhooks
Callback URI Verification
This page covers the verification step when first setting up a webhook on Dashboard. Please see our payload verification section for information on how to verify webhook payloads from vehicles.
When you first set up a webhook on Dashboard, Smartcar will post a challenge request to ensure we’re sending payloads to the correct place. This is a one time event and will be in the following format:
verificationRequest.body
{
"version": "2.0",
"webhookId": "<uuid>",
"eventName": "verify",
"payload": { "challenge": "<random-string>" }
}
Upon receiving the request, your server will need respond to the challenge by hashing payload.challenge
with your application_management_token
to create a SHA-256
based HMAC
.
Return the hex-encoded hash as the value for challenge
in your response body with a 2XX status code
.
Our backend SDKs have helper methods to generate the HMAC
.
verificationResponse.body
{
"status" : 204,
"headers" : {
"Content-Type": "application/json"
},
"body" : {
"challenge" : "{HMAC}"
}
}
hmac = smartcar.hash_challenge(
application_management_token,
payload.challenge
)
hmac = smartcar.hash_challenge(
application_management_token,
payload.challenge
)