Introduction

To ensure you're only responding to legitimate requests from Ramp, it's crucial to verify the authenticity of each request. This can be done by validating the signature included with the request.
All valid requests include an x-ramp-signature header, which contains an HMAC SHA256 signature. This signature is generated using your secret key and is based solely on the data object within the request payload.

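const crypto = require('crypto');
const express = require('express'); // the handler below assumes an Express router

const router = express.Router();
router.use(express.json()); // req.body must be the parsed JSON payload
const secretKey = 'sk_******'; // your secret key

router.post('/your_webhook_url', (req, res, next) => {
  // HMAC SHA256 over the serialized data object only
  const hash = crypto.createHmac('sha256', secretKey).update(JSON.stringify(req.body.data)).digest('hex');
  const expected = Buffer.from(hash, 'utf8');
  const received = Buffer.from(String(req.headers['x-ramp-signature'] || ''), 'utf8');

  // Compare in constant time; timingSafeEqual throws on unequal lengths, so check length first
  if (expected.length === received.length && crypto.timingSafeEqual(expected, received)) {
    // Continue with the request functionality
  } else {
    // Don't do anything, the request is not from us.
  }
});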

Responding to a Webhook Request

It's important to respond to incoming requests with a 200 status code to confirm receipt. Ramp only considers the status code in the response and does not process any other parameters.
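
The verification and response steps described above, as a framework-free added example (not Ramp's own code). The function names, the sample key and payload, and the 400/401 codes for rejected requests are assumptions of this example; the page only specifies 200 for confirmed receipt.

```javascript
const crypto = require('crypto');

// Hex HMAC SHA256 over the serialized data object, as in the handler on this page.
function signData(data, secretKey) {
  return crypto.createHmac('sha256', secretKey).update(JSON.stringify(data)).digest('hex');
}

// Constant-time check of the x-ramp-signature value against the expected signature.
function verifySignature(data, headerValue, secretKey) {
  if (typeof headerValue !== 'string') return false; // header missing
  const expected = Buffer.from(signData(data, secretKey), 'utf8');
  const received = Buffer.from(headerValue, 'utf8');
  // timingSafeEqual throws on unequal lengths, so reject those first.
  return expected.length === received.length && crypto.timingSafeEqual(expected, received);
}

// Returns the HTTP status code to send back.
// 400 and 401 are this example's choice (assumption); 200 confirms receipt.
function handleWebhook(headers, rawBody, secretKey) {
  let body;
  try {
    body = JSON.parse(rawBody);
  } catch (err) {
    return 400; // not JSON, nothing to verify
  }
  if (body === null || typeof body !== 'object' || body.data === undefined) return 400;
  if (!verifySignature(body.data, headers['x-ramp-signature'], secretKey)) return 401;
  // Verified: process or queue body.data here, then confirm receipt.
  return 200;
}

// Constructed sample input (not a real Ramp payload or key).
const SAMPLE_KEY = 'sk_example_not_a_real_key';
const sampleData = { id: 'evt_123', status: 'completed', amount: '100.00' };
const sampleBody = JSON.stringify({ type: 'example', data: sampleData });
const sampleHeaders = { 'x-ramp-signature': signData(sampleData, SAMPLE_KEY) };

// Status codes for: valid request, missing header, data changed after signing.
function demo() {
  const tampered = sampleBody.replace('100.00', '900.00');
  return [
    handleWebhook(sampleHeaders, sampleBody, SAMPLE_KEY),
    handleWebhook({}, sampleBody, SAMPLE_KEY),
    handleWebhook(sampleHeaders, tampered, SAMPLE_KEY),
  ];
}

console.log(demo());
```

Because the signature covers JSON.stringify of the data object, the check relies on the parsed body re-serializing to exactly the bytes that were signed.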