Webhook Authentication

Partners can set up webhooks to receive notifications from Kindly whenever predefined events occur.

By configuring the appropriate webhook URLs, partners receive payloads containing relevant data, such as new user registrations, event updates, and shift changes.

To ensure the security and reliability of webhook payloads, we've taken several key measures. These safeguards are designed to protect sensitive data and verify the authenticity of webhook requests.

All webhook payloads are transmitted securely over HTTPS, and webhook request authentication is achieved using an API key. To authenticate the received webhook requests, expect the APIKEY header. This approach ensures both security and authentication for your communications.

Authenticate received Webhooks

Python
C#
JavaScript

import aiohttp
from aiohttp import web

PARTNER_API_KEY = 'valid token'

async def handle_volunteer_registered(request):
    # Check if the 'APIKEY' header is present in the request
    if 'APIKEY' not in request.headers:
        return web.Response(status=401, text='Unauthorized: APIKEY header missing')

    # Verify the 'APIKEY' header value matches the expected API key
    api_key = request.headers['APIKEY']
    if api_key != PARTNER_API_KEY:
        return web.Response(status=401, text='Unauthorized: Invalid APIKEY')

    # Continue processing or handling the webhook data
    pass

app = web.Application()
app.router.add_post('/volunteer-registered', handle_volunteer_registered)

web.run_app(app, host=base_url, port=443)

using System;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

public class Webhook
{
    private const string PARTNER_API_KEY = "valid token";

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddRouting();
    }

    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        app.UseRouting();

        app.UseEndpoints(endpoints =>
        {
            endpoints.MapPost("/volunteer-registered", async context =>
            {
                // Check if the 'APIKEY' header is present in the request
                if (!context.Request.Headers.ContainsKey("APIKEY"))
                {
                    context.Response.StatusCode = 401;
                    await context.Response.WriteAsync("Unauthorized: APIKEY header missing");
                    return;
                }

                // Verify the 'APIKEY' header value matches the expected API key
                var apiKey = context.Request.Headers["APIKEY"];
                if (apiKey != PARTNER_API_KEY)
                {
                    context.Response.StatusCode = 401;
                    await context.Response.WriteAsync("Unauthorized: Invalid APIKEY");
                    return;
                }

                // Continue processing or handling the webhook data
            });
        });
    }
}

const http = require('http');

const PARTNER_API_KEY = 'valid token';

const server = http.createServer((req, res) => {
    if (req.method === 'POST' && req.url === '/volunteer-registered') {
        // Check if the 'APIKEY' header is present in the request
        if (!req.headers['apikey']) {
            res.statusCode = 401;
            res.end('Unauthorized: APIKEY header missing');
            return;
        }

        // Verify the 'APIKEY' header value matches the expected API key
        const apiKey = req.headers['apikey'];
        if (apiKey !== PARTNER_API_KEY) {
            res.statusCode = 401;
            res.end('Unauthorized: Invalid APIKEY');
            return;
        }

        // Continue processing or handling the webhook data
    }
});

server.listen(443);

Authenticate received Webhooks​

Authenticate received Webhooks