All communications between the publisher and the Appcharge system are authenticated and secure using HTTPS and authentication methods.
Appcharge uses signature hashing for secure communication between the two platforms.
The main key can be found in the Appcharge dashboard, Admin panel, and Integration tab.
In every webhook coming from Appchage 2 HTTP headers will be added:
- "x-publisher-token" - the publisher token found in the Dashboard admin panel, integration tab, can be used for multiple Appcharge accounts.
- "signature" - the HTTP payload signed (hashed) using the below description:
- The schema consists of 2 parts:
- Time in UNIX timestamp
- The HTTP payload sign using sha256 and the main key. Formatting the output in hex encoding
static signPayload(data: string, secretKey: string): string {
const hmac = crypto.createHmac("sha256", secretKey);
hmac.update(data);
return hmac.digest("hex"); // hex encoding
}
const currentTimestamp = new Date().getTime(); // UNIX timestamp
const sign = signPayload(httpPayload, mainKey); // HTTP payload signing
const signature: `t=${currentTimestamp},v1=${sign}`,