This page covers the verification step when first setting up a webhook on Dashboard. Please see our payload verification section for information on how to verify webhook payloads from vehicles.

When you first set up a webhook on Dashboard, Smartcar will post a challenge request to ensure we’re sending payloads to the correct place. This is a one time event and will be in the following format:

verificationRequest.body
    {
        "version": "2.0",
        "webhookId": "<uuid>",
        "eventName": "verify",
        "payload": { "challenge": "<random-string>" }
    }

Upon receiving the request, your server will need respond to the challenge by hashing payload.challenge with your application_management_token to create a SHA-256 based HMAC.

Return the hex-encoded hash as the value for challenge in your response body with a 2XX status code.

Our backend SDKs have helper methods to generate the HMAC.

verificationResponse.body
{
    "status" : 204,
    "headers" : {
        "Content-Type": "application/json"
    },
    "body" : {
        "challenge" : "{HMAC}"
    }
}


    hmac = smartcar.hash_challenge(
            application_management_token, 
            payload.challenge
        )