url-verification


Event: #

This event is fired when an Events Webhook URL is changed, whether via the UI or API or anywhere else.

This is for Cord to verify ownership of the Event Webhook URL you provided, and for you to confirm that your configuration is at least minimally working.

Payload #


message #

string

The event payload consists only of a string to aid debugging, which you can ignore.


Verifying events webhook URL #

⚠️

Creating a new Application with an eventWebhookURL field via the REST API will skip the URL verification process. Your URL could be invalid.

Whenever you save a new events webhook URL via the Cord Console or set it through the API, a URL verification process will be triggered to ensure ownership of the URL and to check the URL works. We will attempt to send the following HTTP POST request to your URL:

applicationID: 'your-application-id',
event: { message: 'Please respond with a HTTP 200 status code.' },
timestamp: '1695418289697',
type: 'url-verification'
Copy

Once you receive this event, verify the incoming event then respond with a HTTP 200 status code:

import { createHmac } from 'crypto';

const cordTimestamp = req.header('X-Cord-Timestamp');
const cordSignature = req.header('X-Cord-Signature');
              
const bodyString = JSON.stringify(req.body);
const verifyStr = cordTimestamp + ':' + bodyString;
const hmac = createHmac('sha256', <YOUR_CORD_APPLICATION_SIGNING_SECRET>);
hmac.update(verifyStr);
const incomingSignature = hmac.digest('base64');
              
if (cordSignature !== incomingSignature) {
  throw new Error('Unable to verify signature');
} else {
  // responding to verify URL request
  if (req.body.type === 'url-verification') {
    res.sendStatus(200);
    return;
  }
}
Copy

The connection will be open for three seconds, during which time your app should respond to the request. If no response is received within three seconds, the verification process will fail and you will have to try again.

Ask Cordy