Webhooks
Eden AI webhooks are a feature that allows users to receive real-time notifications or data updates from the Eden AI asynchronous APIs. Webhooks provide a way for applications or services to be notified automatically when Eden APIs request is finished.
Eden AI webhook are available for all asynchronous features:
Eden AI webhooks enable users to create dynamic and real-time integrations with the platform, allowing for timely responses to events or updates. By leveraging webhooks, users can streamline workflows, automate processes, and stay informed about the latest insights and changes within the Eden AI system.
Signed Webhooks
Webhooks are by default sent over HTTPS. However, for more additional security and to be able to verify that webhooks indeed are sent by us, webhooks data are hashed and signed with a secret private key.
RSA Public Key
To be able to verify webhooks signature, and check that
edenai
is indeed the sender of the webhook, we make available a public key -shown here after- to be used to verify payload signature.
-----BEGIN RSA PUBLIC KEY-----
MIIBigKCAYEA2fQneVfTrhkDdlvqs2ViT0tZ9PCkL0vHanZMc+6YyvvewIQRp1bH
8Q13gYDf0t/tCKhVJqnPQ7qXekhtBrC1uMAf/qDhUhkKB0w9Xt5DXbEZaxFQjrlD
SHwcWdhH+BOAVDxQvaDuWveS8/kEIuo8x/QLNOVTrUSKnjXnnqZ2k6OeD0WHv/6b
LqPjFxdwL+4hi0nw1O57IfW7Oqzcd5JFX1Aq8nU4N0P8PEetUl84LKCiiT801wKO
ksUJUtjGHqdtOqP4g0Vk0w5BtBDPVPyFeQNLpALTxeG2WUtNtOiZCl0757K6dY13
FYR86e7KUlQzaZhy2vBKtghi5Rf03puk8fTS8zuO5LSX9GmHxZ1aywIvx6kcjp52
S52/q6ZdXuTe+0DCxjoFCnJ3C/6cNphEpZggShdZUtJFo85ImMRAesD0+hjeHuhq
Guis/i1JOHzYcSpKVCaksujrscR+m7Id1XrF/DY4gF8hizGHsEcurP+A6epUblTD
tg/F0foYfitfAgMBAAE=
-----END RSA PUBLIC KEY-----
How it works
The request body stays the same, which means that the JSON body payload of the webhook remain the same, unencrypted and unhashed.
We will add in the request header our signature in the following format:
x-edenai-signautre
: Contains the signature of the hashed payload (we will explain more in details in the following sections).x-edenai-hash-algorithm
: SHA256. We specify here that we are using theSHA 256
algorithm for hashing the payload data (stringified with an indent of 2) before signing it with our private key .
To be able to verify the signature of the JSON payload, you will need to hash the JSON data using the same algorithm SHA 256
. After-which, you can run the verification using the obtained hash and the provided public-key
shown above.
const crypto = require('crypto');
// we select the SHA 256 algorithm
const verify = crypto.createVerify('sha256');
// We hash the payload with an indent of 2,to ensure having the same format as in server side
const hashed_payload = crypto.createHash('sha256')
.update(JSON.stringify(data, null, 2))
.digest('hex');
verify.update(hashed_payload);
verify.end();
// we build the key Object
const Key = {
key: the_public_key, // the public key shown above
padding: crypto.constants.RSA_PKCS1_PADDING
};
// getting the signature in a buffer
const signatureBuffer = Buffer.from(signature, "hex");
// Now, we can check the signature using the built key and the buffer containing the signature
const verified = verify.verify(key, signatureBuffer);
if (verified === true) {
console.log("request verified :D !");
}
import json
from Crypto.Signature import PKCS1_v1_5
from Crypto.PublicKey import RSA
from Crypto.Hash import SHA256
# First, we hash the payload
hashed_payload = hashlib.sha256(
json.dumps(payload, indent=2).encode('utf-8')
).hexdigest()
degest = SHA256.new(data = hashed_payload.encode())
#We get the signature in bytes
sig = bytes.fromhex(signature)
#we get the public key shown above
public_key = RSA.importKey(open("path/to/public-key.pem", 'r').read())
verifier = PKCS1_v1_5.new(public_key)
verified = verifier.verify(degest, sig)
if verified == True:
print("request verified :D !")
Updated 10 months ago