Label Webhook Authentication

Hi
I am a carrier looking at developing your Carrier Label Webhook. I have had your support team configure the webhook for us, but when receiving the webhook, we cannot see the API token in either the headers or body. Where can we expect to receive the token to authenticate the the request and customer sending it?

We plan on implementing this webhook to multiple mutual customers.

Regards,
Adam

Hi @adamc
We currently don’t have that available for that Webhook.
Do you want me to log a feature request for this to be added?
Would something like Request Verification work for you?
Thanks in advance!
Tom

Hi @tomasw

Will the Request Verification link back to the API Secret that is setup in https://app.shiphero.com/dashboard/settings/api when we setup the API Credentials?

Adam

Hi @adamc
Yes, with the other Webhooks that is how it works, with the API Secret and the Body of the request you can encode it and match it to the hmac
Would this work for you?
Thanks again!
Tom

Hi @tomasw
Yes this would work. Having a look at your documents and test webhook we have received there is no header details for hmac values. Does this need to be turned on additionally to the webhook?

We must have some way to identify the receiving webhook otherwise we will not be able to use your generate label webhook.

Adam

Hi @adamc
I just wanted to let you know I submitted a feature request for this to be added.
Currently the Generate Label Webhook doesn’t have this verification I mentioned.
I will let you know as soon as I have an update about this.
Thank you again for your patience
Tom

Thanks @tomasw. We really appreciate it. :slight_smile:

1 Like

Hi @adamc!
You should be receiving the x-shiphero-hmac-sha256 now on your Generate Label Webhook URL.
Thank you very much while we worked on this.
Please let me know if there is anything else I could help with!
Tom