firecrawl icon indicating copy to clipboard operation
firecrawl copied to clipboard

Published 20 hours ago • verified publisher icon mendableai

Added support for webhook authentication

Open txrp0x9 opened this issue 4 months ago • 4 comments

Adds a verification_token field to the crawl URL, used with the webhook field. It accepts a nonce string for the server to verify upon receiving webhooks, ensuring they originate from a legitimate source.

Adds HMAC-SHA256 verification on webhooks If provided with a "secretKey" in the request body, the webhook response will now contain a header, "Webhook-Signature": "sha256=<hash>" The <hash> being a SHA256 hash with the secretKey on the raw request body string.

Example of verifying the request body with express.js Make sure to use the body string before it is parsed to JSON (JSON.parse() or equivalent). Ideally in a middleware.

Fixes #813

txrp0x9 avatar Oct 24 '24 16:10 txrp0x9