问题描述
它是如何产生的?我如何验证它?
How it generate? How I can validate it?
https://developer.bigcommerce.com/api/webhooks-getting-started
{
"store_id": 11111,
"producer": "stores/abcde",
"scope": "store/order/statusUpdated",
"data": {
"type": "order",
"id": 173331
},
"hash": "3f9ea420af83450d7ef9f78b08c8af25b2213637"
}
推荐答案
@KarenWhite回答了此问题,他们是该线程的开发人员. https://support.bigcommerce. com/s/question/0D51B00004G6kJf/incoming-webhook-posts-hash-field-in-payload
This was answered by @KarenWhite, their developer evangelist in this thread.https://support.bigcommerce.com/s/question/0D51B00004G6kJf/incoming-webhook-posts-hash-field-in-payload
$payload['hash'] = sha1(json_encode($payload));
此外,有关Webhook安全的立场已记录在2018年的市政厅中 https://support.bigcommerce.com/s/article/BigCommerce-Town-Hall-February-2018
Additionally, the stance on webhook security is documented in the 2018 townhallhttps://support.bigcommerce.com/s/article/BigCommerce-Town-Hall-February-2018
A .今天,我们的网络钩子包含的信息很少-它们仅包含ID.去查找其他信息.您需要获得授权才能验证ID.根据商店的API确定所请求的实际信息.我们还通过TLS加密保护了Webhooks,并使开发人员能够将自己的标头添加到事件中,以提高安全性.
A. Our webhooks today contain very little information -- they only contain an I.D. to go look up additional information. You would need to be authorized to verify that I.D. against the store’s API to determine the actual information being requested. We also secure our webhooks with TLS encryption, and enable developers to add their own headers to events for additional security.
这篇关于BigCommerce Webhook中的哈希字段是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!