A webhook lets an application share real-time information with other apps. Since data transfer happens instantly, the popularity of webhooks is increasing rapidly these days.

With Postmen webhook, you can receive the push update when the API is made asynchronously. Here’s how you can enable it:

👨‍💻 How to setup the Webhooks

Go to your Postmen account’s ‘Webhooks’ settings
Add webhook URL

👨‍💻 Webhook Signature

Check for AfterShip's base64-encoded HMAC generated signature to verify all incoming webhook events to avoid replay attacks.

Webhooks includes a calculated digital signature for verification. Each webhook request includes a am-webhook-signature header. The signature is a base64-encoded HMAC generated using sha256 algorithm with webhook request body and webhook secret of your account.

Each webhook request could be verified by comparing the computed HMAC digest and the attached HMAC digest in header.

The following Node.JS example demonstrates the computation of a webhook signature.

const crypto = require('crypto');
const WEBHOOK_SECRET = "...."; // your webhook secret

function generateSignature(webhookPayloadString) {
    return crypto
        .createHmac('sha256', WEBHOOK_SECRET)
        .update(webhookPayloadString, 'utf8', 'hex')
        .digest('base64');
}

const webhookPayloadString = JSON.stringify(webhookPayload);  // your webhook payload

const sign = generateSignature(webhookPayloadString);
console.log('hmac-sha256=' + sign);  // should be equal to `am-webhook-signature` value


Webhook secret can be obtained by going to Settings > Webhooks

👨‍💻 Webhook Outgoing IPs
If your service restricts reception by public IPs, please add all the following IPs to the allow list.
104.154.18.15
34.122.118.39
34.70.29.163
34.70.81.106
34.72.178.234


It’s done with no hassle 🤟
Was this article helpful?
Cancel
Thank you!