Contit uses webhooks to notify applications that are reachable online when your content changes. Webhooks are common practice in asynchronous scenarios because they remove the need to poll continuously for changes.
Contit notifies you in real time when content is published, drafted, or deleted. Each notification is an HTTP POST request that carries the Contit-Signature header.
The header value is a pair of parameters, as follows:
Contit-Signature: t=1651651711,s=27f573fd6cd84300b8903bb776c0b9e327f573fd6cd84300b8903bb776c0b9e3
There are 2 parameters in the signature:
t = timestamp
s = signature
Contit generates signatures using a hash-based message authentication code (HMAC) with SHA256. In the client application you can verify that the notification is not forged by recomputing the signature with the same algorithm and the shared secret key, and you can check how much time passed between the moment the notification was generated (the timestamp) and the moment it arrived.
The signature ("s" parameter) is computed over a string built by concatenating the timestamp, a dot, and the notification JSON:
{timestamp}.{payload}
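Here is an example of generating the signature:
using System;
using System.Security.Cryptography;
using System.Text;

// Returns the lowercase hex HMAC-SHA256 of "{timestamp}.{json}" keyed with the webhook secret.
private static string ComputeSignature(string secret, string timestamp, string json)
{
    var secretBytes = Encoding.UTF8.GetBytes(secret);
    // The signed string is the timestamp, a dot, and the raw notification JSON.
    var payloadBytes = Encoding.UTF8.GetBytes($"{timestamp}.{json}");
    using (var cryptographer = new HMACSHA256(secretBytes))
    {
        var hash = cryptographer.ComputeHash(payloadBytes);
        // Hex-encode without separators, in lowercase.
        return BitConverter.ToString(hash).Replace("-", string.Empty).ToLowerInvariant();
    }
}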
The secret key is generated by the management panel at https://app.contit.cloud in the webhook section.
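The receiving side of the scheme described above, as an added example that is not Contit's own code: it parses the Contit-Signature header, checks the timestamp, recomputes the HMAC and compares it in constant time. The class name `ContitWebhookVerifier`, the 5-minute tolerance, and the reading of `t` as Unix time in seconds are assumptions made for this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class ContitWebhookVerifier
{
    // Assumption: a 5-minute window; the page does not state a tolerance.
    private const long ToleranceSeconds = 300;

    // header: raw Contit-Signature value; rawBody: request body exactly as received.
    public static bool IsValid(string header, string rawBody, string secret, DateTimeOffset now)
    {
        if (string.IsNullOrEmpty(header) || rawBody == null) return false;

        // Split "t=...,s=..." into its two parameters; anything else is rejected.
        string t = null, s = null;
        foreach (var part in header.Split(','))
        {
            var kv = part.Trim().Split(new[] { '=' }, 2);
            if (kv.Length == 2 && kv[0] == "t" && t == null) t = kv[1];
            else if (kv.Length == 2 && kv[0] == "s" && s == null) s = kv[1];
            else return false;
        }
        if (t == null || s == null) return false;

        // Freshness check. Assumption: t is Unix time in seconds.
        if (!long.TryParse(t, out var sent)) return false;
        var current = now.ToUnixTimeSeconds();
        if (sent < current - ToleranceSeconds || sent > current + ToleranceSeconds) return false;

        // Recompute HMAC-SHA256 over "{timestamp}.{payload}" using the timestamp text as received.
        byte[] hash;
        using (var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(secret)))
        {
            hash = hmac.ComputeHash(Encoding.UTF8.GetBytes($"{t}.{rawBody}"));
        }
        var expected = BitConverter.ToString(hash).Replace("-", string.Empty).ToLowerInvariant();

        // Constant-time comparison of the hex strings; a length mismatch returns false.
        return CryptographicOperations.FixedTimeEquals(
            Encoding.ASCII.GetBytes(expected), Encoding.ASCII.GetBytes(s));
    }
}
```

Pass the body exactly as it arrived on the wire, before any JSON deserialization, because re-serializing the payload can change its bytes and make a genuine signature fail. Rejecting stale timestamps limits how long a captured notification can be replayed.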