Documentation Index
Fetch the complete documentation index at: https://docs.rhino.fi/llms.txt
Use this file to discover all available pages before exploring further.
As your endpoint is public, anyone can send it some data. For you to make sure the data is coming from Rhino.fi, you’ll receive a signature in the request header, called X-Rhino-Signature.
To verify the signature you have 2 options:
- Using the SDK
- Manual verification
SDK
To verify the signature received using the SDK, you can do the following:
const isValid = await sdk.api.webhook.verifySignature(receivedEventBody, signature)
Manual verification
Manually verifying the received signature is a two step process.
You first need to fetch Rhino.fi webhook public key and then use it to verify the signature.
This can be done with the following function:
import { createHash, createVerify } from 'crypto'
const isSignatureValid = async (receivedEventBody, signature) => {
// Fetch Rhino.fi webhook public key
const res = await fetch('https://api.rhino.fi/webhook/public-key')
const publicKeyBase64 = await res.json()
const publicKey = Buffer.from(publicKeyBase64, 'base64').toString()
// Hash the stringified event
const hash = createHash('sha256')
const hashedMessage = hash.update(
JSON.stringify(receivedEventBody),
)
// Verify the signature
const verify = createVerify('RSA-SHA256')
verify.update(hashedMessage.digest('hex'))
return verify.verify(publicKey, signature, 'hex')
}
