If you would like to verify that a Webhook has been issued from Chatsight, you can verify that all messages sent are legitimate by generating a shared secret.

Any relevant areas where a HMAC needs to be generated will be done so using SHA-256. To validate any message, simply locate the time property in any request, and calculate the HMAC SHA-256 of that value as a String. Match up the issued HMAC with one generated locally to authenticate the message.

To renew or replace the secret, simply re-call this route to invalidate the old secret and be issued a new one.


PATCH https://api.chatsight.ai/addons/secrets

HEADER x-chatsight-api-auth: <<apiKeyExample>>

curl --location --request PATCH 'https://api.chatsight.ai/addons/secrets' \
--header 'x-chatsight-api-auth: <<apiKeyExample>>' \
--header 'Content-Type: application/json' \
--data-raw '{}'


    "api": "chatsight-lang-text",
    "success": true,
    "response": {
        "sharedSecret": "...",
        "info": "This secret will not be shown again!"