Configure Your Webhook URL

Configure Webhook Settings

Use the Mati Dashboard webhook settings to configure a URL and secret to receive webhooks from your users' verifications. Visit the For Developers tab and select webhooks to configure one webhook URL and webhook secret for each Experience ID you want to integrate into your application.

Mati Dashboard screenshot: Configure new Webhook and Webhook URL and secretMati Dashboard screenshot: Configure new Webhook and Webhook URL and secret

Mati Dashboard screenshot: Configure new Webhook and Webhook URL and secret

Webhook Secret

You have to set a "webhook secret" that we will use to hash out on of the headers in our webhooks, by decoding it using your "webhook secret" and comparing the decoded string you can always make sure that the webhook is coming from Mati and not another party.

The following example in JavaScript adds a decoding script.

    const crypto = require('crypto');
    
    // A sample webhook coming from Mati
    const WEBHOOK_PAYLOAD = 
    {   
        eventName: 'verification_completed',
        metadata: {email: '[email protected]'},
        resource: 'https://api.mati.io/api/v1/verifications/db8d24783',
    };
    
    const MERCHANT_SECRET = 'your_mati_webhook_secret';
    
    // Mati hashes your webhook payload
    const signature = crypto.createHmac('sha256', MERCHANT_SECRET).update(JSON.stringify(WEBHOOK_PAYLOAD)).digest('hex');
    console.log(signature);
    
    function verify(signature, secret, payloadBody) {
        let hash = crypto.createHmac('sha256', secret);
        hash = hash.update(payloadBody).digest('hex');
        return hash === signature;
    }
    
    let isValidPayload;
    
    isValidPayload = verify(signature, MERCHANT_SECRET, JSON.stringify(WEBHOOK_PAYLOAD));
    console.log(isValidPayload);

For each verification that Mati processes, we will send you webhook events. Review our Webhook Specifications for more details on each event and how to access the Resource URL.


Did this page help you?