This page covers the verification step when first setting up a webhook on Dashboard. Please see our payload verification section for information on how to verify webhook payloads from vehicles.

When you first set up a webhook on Dashboard, Smartcar will post a challenge request to ensure we’re sending payloads to the correct place. This is a one time event and will be in the following format:

        "version": "2.0",
        "webhookId": "<uuid>",
        "eventName": "verify",
        "payload": { "challenge": "<random-string>" }

Upon receiving the request, your server will need respond to the challenge by hashing payload.challenge with your application_management_token to create a SHA-256 based HMAC.

Return the hex-encoded hash as the value for challenge in your response body with a 200 status code.

Our backend SDKs have helper methods to generate the HMAC.

    "status" : 200,
    "headers" : {
        "Content-Type": "application/json"
    "body" : {
        "challenge" : "{HMAC}"