If you would like to verify that a Webhook has been issued from Chatsight, you can verify that all messages sent are legitimate by generating a shared secret.
Any relevant areas where a HMAC needs to be generated will be done so using SHA-256. To validate any message, simply locate the time property in any request, and calculate the HMAC SHA-256 of that value as a String. Match up the issued HMAC with one generated locally to authenticate the message.
To renew or replace the secret, simply re-call this route to invalidate the old secret and be issued a new one.
Request
PATCH https://api.chatsight.ai/addons/secrets
HEADER x-chatsight-api-auth: <<apiKeyExample>>
curl --location --request PATCH 'https://api.chatsight.ai/addons/secrets' \
--header 'x-chatsight-api-auth: <<apiKeyExample>>' \
--header 'Content-Type: application/json' \
--data-raw '{}'
Response
{
"api": "chatsight-lang-text",
"success": true,
"response": {
"sharedSecret": "...",
"info": "This secret will not be shown again!"
}
}