I am setting up a webhook in a 3rd party tool. In setting up the webhook I am given a “secret”. This is a random string of letters and obviously needed for authentication.
I am unsure how to configure the webhook node to use this secret correctly.
It looks like you create that secret and they send a SHA256 sum along with each request using that key to sign it and you then need to verify it before processing the webhook. Technically you can just ignore it but it is there for security.
So when the body comes in to the webhook you will see a X-Dentally-Signature header, You will need to use the crypto node to generate your own signature with something like the below where $json[‘body’] is an expression to get the webhook body and the secret is the value from earlier.
Start with a webhook node. That will catch the incoming data but I wont be able to see the body right? I link the webhook node to the crypto node and configure the crypto node as you have shown. I am not quite following how to configure the $json[‘body’] as an expression. I assume I map it to whatever comes into the webhook node?
I am confused on the IF node and how to configure that. Would that be a node after the crypto node? can I get a for dummies explanation there? How would that be used to show the body of the webhook?