I’ve configured my own webhook for after_message trigger along with the username and password for auth so i can verify on my own server. but once i recieve the event, where is my username and password? i can see that therer’s a authorization header only. how can i verify that to the auth i set on webhook in my cometchat app?
The webhooks are protected by basic authorization.
The header value has a structure below:
credentials = base64_encode(username + “:” + password)
For example: If you have configured webhook with username as
johndoe and password as
pa55w0rd, then the header will look like:
Authorization: Basic YWRtaW46cGE1NXcwcmQ=
To verify the requests received to webhook URL you can use the standard authorization libraries available for your server-side language or verify it by string operations and base64_decode.
For more information please refer to: