Bird
0
0

You receive webhook requests with a signature header. To securely verify the webhook, which steps should you perform in order? Select the correct sequence.

hard📝 Application Q15 of 15
Rest API - Webhooks and Events
You receive webhook requests with a signature header. To securely verify the webhook, which steps should you perform in order? Select the correct sequence.
A1. Retrieve secret key 2. Compare signatures 3. Compute HMAC of payload 4. Accept webhook if signatures do not match
B1. Accept webhook 2. Compute HMAC of payload 3. Compare signatures 4. Log the webhook
C1. Compute HMAC of payload 2. Retrieve secret key 3. Compare signatures 4. Reject webhook if signatures match
D1. Retrieve the secret key 2. Compute HMAC of the payload using the secret 3. Compare computed signature with header signature 4. Accept webhook if signatures match
Step-by-Step Solution
Solution:

  1. Step 1: Retrieve the secret key

    You need the secret key first to compute the HMAC signature.

  2. Step 2: Compute HMAC of the payload using the secret

    Use the secret key and payload to compute the signature.

  3. Step 3: Compare computed signature with header signature

    Check if the computed signature matches the one sent in the webhook header.

  4. Step 4: Accept webhook if signatures match

    Only accept the webhook if the signatures are the same to ensure trust.

  5. Final Answer:

    1. Retrieve the secret key 2. Compute HMAC of the payload using the secret 3. Compare computed signature with header signature 4. Accept webhook if signatures match -> Option D

  6. Quick Check:

    Secret -> Compute -> Compare -> Accept [OK]
Quick Trick: Always compute signature before comparing and accepting [OK]
Common Mistakes:
MISTAKES
  • Accepting webhook before verification
  • Comparing before computing signature
  • Rejecting on matching signatures

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More Rest API Quizzes
API Documentation - Example requests and responses - Quiz 11easy API Testing and Monitoring - API analytics and usage metrics - Quiz 1easy API Testing and Monitoring - Why testing validates contracts - Quiz 2easy Advanced Patterns - Long-running operations (async responses) - Quiz 12easy Advanced Patterns - Long-running operations (async responses) - Quiz 14medium Batch and Bulk Operations - Async batch processing - Quiz 1easy Batch and Bulk Operations - Batch update patterns - Quiz 10hard Caching Strategies - Last-Modified and If-Modified-Since - Quiz 4medium Caching Strategies - If-None-Match and 304 responses - Quiz 15hard Caching Strategies - Validation-based caching - Quiz 1easy