Contents x
    Secret Key
    • 01 Sep 2023
    • 1 Minute to read
      Contents

      Secret Key

      • Updated on 01 Sep 2023
      • 1 Minute to read
        Article Summary

        The Secret Key method is used to encrypt and decrypt a piece of information by using a key.

        Where do you use a secret key?

        It is an optional property that users can use while sending emails to verify the webhook events. It is used to create a signature. This signature is a way to sign a payload using an key that only the event and listening serves know. The secret key is attached as a header with the event requests sent to your app's server. 

        How does it work?

        This signature does not encrypt the payload but is used to verify the legitimacy of both the source and data. When the request is received by the listening server, it uses its stored secret and the event payload to generate its own SHA1 signature to compare it with the header signature. Insider uses SHA1 hashing algorithm.

        When the secret and payload are the same on both ends  the signatures will match which will prove the authenticity of the request and data.

        What are the benefits of using a secret key?

        It is a secure system which assists you in making sure that the events you receive on your endpoint are verified events coming from Insider.

        How do you create a secret key?

        1. Navigate to Settings > Inone Settings.  

        2. Go to Email Settings > Webhook Settings (at the bottom of the page).

        3. Check the "Enable webhook for email events" box, and add your Webhook URL and Secret key.

        4. Click the Save Changes button to save your values.

        5. Now you can add the key and value as header as in the example below to send the secret key request. When you import the request inside the API platform you are using, you will be able to see it. 

        Your title goes here
        The example below shows X-INS-AUTH as the key and MY_SECRET as the value of it.
        curl --location 'test.com' \
--header 'Content-Type: application/json' \
--header 'Cookie: __cfduid=db8b2b5328c122418b037bdc1e735f3881567082256' \
--header 'X-INS-AUTH: MY_SECRET' \
--data-raw '{
  "email": "sample@useinsider.com",
  "event": "bounce",
  "event_type": "blocked",
  "reason": "unable to get mx info: lookup <nil>: unrecognized address",
  "campaign_name": "My Email",
  "timestamp": 1563890443,
  "iid": "80147815-d6c1-459d-9edb-2f3456d4179b",
  "variation_id": 1234,
  "subject": "My email subject"
}'
        Was this article helpful?
        What's Next
        ESC

        Eddy, a super-smart generative AI, opening up ways to have tailored queries and responses