This will serve as guide as how you will be able to test the webhook integration works with your system. You should be able to just invoke the endpoint mentioned below, supplied with the API-key in the header.

Target Endpoint:

POST https://api.begini.co/v1/webhooks-management/test

Headers:

Api-key: <API Key from Integration>

Response Status

{
    "webhook_receiver_status_code": 200,
    "detail": "Any detail"
}

{     
 "detail": "No Api-key supplied"     
}

{     
    "detail": "Invalid Api-key"     
} 

{     
    "detail": "Webhooks not set for 622056dce007dc805c741751, please set in Begini Dashboard"     
}

{     
    "detail":  {     
        "webhook_receiver_status_code": 403,  
        "webhook_receiver_body_content": "{\"detail\":\"Validation Failure\"}"     
    }     
}

{     
    "detail": "Cannot connect to host example.com "     
}

Security Features

• Begini advises to whitelist the IPs of the Begini Platform for additional security.
• Begini uses HMAC signature (Hexdigest) to ensure that the webhook transmitted is not altered in the middle and the authenticity of the payload really comes from the Begini Platform. In order to verify the HMAC signature, the API Key will be used to generate the HMAC Hex Digest that will be compared to the signature. Please sample code how to validate the HMAC

Python using FastAPI:

import hashlib
import hmac
from fastapi import APIRouter,  Request, HTTPException, status
test_router = APIRouter()
@test_router.post('/webhook-receiver')
async def test(request: Request):
    payload = await request.body()
    signature_from_request = request.headers.get("X-Signature")
    expected_signature = hmac.new('<API-Key>'.encode('utf-8'), payload, digestmod=hashlib.sha512).hexdigest()
    if not hmac.compare_digest(expected_signature, signature_from_request):
        raise HTTPException(status_code=403, detail='Validation Failure')
    return status.HTTP_200_OK