WebsiteGithubStatusDiscord

API Portal: Manage API Keys and Webhooks

An app for managing Request Network API keys and webhooks.

🕹️ Try it out

Overview

The Request Network API Portal provides app developers with a platform to securely manage their API keys and webhook endpoints.

Key Features

API Key Management

  • Create and Manage API Keys: Users can create new API keys for authentication.

  • Toggle and Delete API Keys: API keys can be toggled on and off, or deleted if no longer needed, enhancing control over API access.

  • Security Guidelines: API keys are sensitive and should never be shared publicly. In case of compromise, users are advised to create a new key, update their code, and delete the compromised key.

  • Multiple Keys: Allows the creation of multiple API keys for different environments or applications.

Webhook Management

  • Create and Manage Webhooks: App developers can configure webhook endpoints to receive real-time notifications for payment events.

  • Security Guidelines: Each webhook request includes a signature in the `x-request-network-signature` header to ensure authenticity.

  • Signature Verification: The signature is a SHA-256 HMAC of the request body, signed using the webhook secret.

Example Verification Code:

import express from 'express';
import crypto from 'node:crypto';

const app = express();
const WEBHOOK_SECRET = 'your_webhook_secret';

app.post('/payment', async (req, res) => {
  const signature = req.headers['x-request-network-signature'];
  const expectedSignature = crypto
    .createHmac('sha256', WEBHOOK_SECRET)
    .update(JSON.stringify(req.body))
    .digest('hex');

  if (signature !== expectedSignature) {
    return res.status(401).json({
      success: false,
      message: 'Invalid signature'
    });
  }

  // Business logic here
  return res.status(200).json({ success: true });
});

Usage

Creating API Keys

  • Navigate to the "API Keys" section.

  • Click on "Create new key."

  • Store the key securely and never share it publicly.

Configuring Webhooks

  • Navigate to the "Webhooks" section.

  • Click on "Add webhook."

  • Enter the endpoint URL and ensure the endpoint is secure and can handle incoming JSON payloads.

Security Considerations

  • Keep API keys and webhook secrets secure. Never expose them in public repositories or client-side code.

  • Verify all webhook signatures to ensure authenticity and integrity.

  • Use HTTPS for all endpoints to encrypt communication.

PreviousEasyInvoice: API Demo AppNextManage API Keys and Webhooks programmatically

Last updated

Was this helpful?