Handling Webhooks
Webhooks sent by Saascannon are signed with a secret key to ensure that the webhook is coming from Saascannon. This secret key is unique to each tenant and is used to sign the payload. You can verify the signature of the webhook by comparing the signature in the x-webhook-signature header to the sha256 HMAC of the request body using the secret key. To check the event type you can use the x-webhook-event-type header.
Refer to the following example to see how you can handle webhooks in your app (Node.js example):
// Import the crypto module
import crypto from "crypto";

// Get the secret key from the environment
const secret = process.env["SAASCANNON_WEBHOOK_SECRET"];

// req.body must be the raw, unparsed request body (string or Buffer)
function handleWebhook(req, res) {
  // Get the signature from the headers
  const signature = req.headers["x-webhook-signature"];

  // Create a HMAC with the secret key
  const hmac = crypto.createHmac("sha256", secret);

  // Update the HMAC with the request body
  hmac.update(req.body);

  // Get the hash of the HMAC
  const hash = hmac.digest("hex");

  // Compare the hash to the signature in constant time
  // (timingSafeEqual throws on unequal lengths, so check the length first)
  const expected = Buffer.from(hash);
  const received = Buffer.from(typeof signature === "string" ? signature : "");
  if (
    expected.length !== received.length ||
    !crypto.timingSafeEqual(expected, received)
  ) {
    return res.status(401).send("Invalid signature");
  }

  // Parse the request body
  const data = JSON.parse(req.body);

  // Get the event type from the headers
  const type = req.headers["x-webhook-event-type"];
  if (type === "subscription.updated") {
    // Handle the subscription updated event
  }

  // Respond with a 200 OK
  return res.status(200).send("OK");
}
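The signature check described above, as an added example (not Saascannon's own code): a stand-alone verifier that compares in constant time and shows that the HMAC only matches over the exact bytes received, not over re-serialized JSON. The helper name, secret and payload are constructed for illustration, and hex encoding of the signature is assumed from the example above.

```javascript
// Load node:crypto under either CommonJS or ES modules.
const crypto = typeof require === "function"
  ? require("node:crypto")
  : process.getBuiltinModule("node:crypto");

// Hypothetical helper (not a Saascannon API). Returns true only when
// signatureHeader is the hex HMAC-SHA256 of rawBody under secret.
// rawBody must be the exact bytes received (string or Buffer).
function verifyWebhookSignature(rawBody, signatureHeader, secret) {
  if (!secret || typeof signatureHeader !== "string") return false;
  // A SHA-256 digest is 32 bytes, i.e. 64 hex characters (hex is assumed).
  if (!/^[0-9a-f]{64}$/i.test(signatureHeader)) return false;
  const expected = crypto.createHmac("sha256", secret).update(rawBody).digest();
  const received = Buffer.from(signatureHeader, "hex");
  // Both buffers are 32 bytes here, so timingSafeEqual cannot throw.
  return crypto.timingSafeEqual(expected, received);
}

// Constructed sample data: secret, body as sent on the wire, and its signature.
const SAMPLE_SECRET = "constructed-test-secret";
const SAMPLE_RAW_BODY = '{"id": "evt_1",  "plan": "pro"}';
const SAMPLE_SIGNATURE = crypto
  .createHmac("sha256", SAMPLE_SECRET)
  .update(SAMPLE_RAW_BODY)
  .digest("hex");

// Runs the verifier over the accepted case and the common failure cases.
function runChecks() {
  const check = (body, sig) => verifyWebhookSignature(body, sig, SAMPLE_SECRET);
  return {
    rawBody: check(SAMPLE_RAW_BODY, SAMPLE_SIGNATURE),
    rawBuffer: check(Buffer.from(SAMPLE_RAW_BODY), SAMPLE_SIGNATURE),
    // Parsing and re-serializing changes whitespace, so the HMAC no longer matches.
    reserialized: check(JSON.stringify(JSON.parse(SAMPLE_RAW_BODY)), SAMPLE_SIGNATURE),
    tampered: check(SAMPLE_RAW_BODY.replace("pro", "enterprise"), SAMPLE_SIGNATURE),
    missingHeader: check(SAMPLE_RAW_BODY, undefined),
    truncated: check(SAMPLE_RAW_BODY, SAMPLE_SIGNATURE.slice(0, 32)),
  };
}

console.log(runChecks());
```

If a JSON body parser runs before the handler, keep a copy of the raw bytes (for example with Express's `express.raw({ type: "application/json" })`) and verify against that copy.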