<% user.full_name %>
<% util.level ? util.level.title : '' %>
Explorer Pioneer Apollo Viking Voyager Pathfinder Orion
Points
<% user.points ? user.points.toLocaleString() : 0 %>
Badges
<% util.badgeCount %>
Streaks
Congratulations You've <% util.newestBadge.isCurriculum ? 'completed' : 'earned' %> the
<% util.newestBadge.title %> <% util.newestBadge.isCurriculum ? 'curriculum' : 'badge' %>!
previous
next
Share to Social Media
Linked In Facebook
Status
<% util.level ? util.level.title : '' %>
<% util.level ? util.level.points : '' %>
<% util.nextLevel ? util.nextLevel.title : '' %>
<% util.nextLevel ? util.nextLevel.points : '' %>
Level up! <% util.levelPointsRemaining %> points to go
Level up! <% util.levelPointsRemaining %> points to go
Badges
Completed Hitchhikers Track Completed Content Track Completed Pages Track Completed Page Builder Track Completed Search Backend Track Completed Search Frontend Theme Track Completed Search UI React Track Completed Solution Templates and the Admin Console Track Completed Technical Skills Track Completed Platform Basics Track Completed Listings Track Completed Reviews Track Completed Industry Overview Track Completed Analytics Track Completed Industry Overview & Product Basics Track Completed Multi-Language Experiences Track Completed Chat Track
<% util.expandBadges ? 'Less' : 'More' %>
Playground Accounts
New +
No Playground Accounts
Create Playground +
View Profile
Log Out loading
Mission Complete! 🚀
Congratulations, you’ve completed your first module!

We hope you enjoy exploring the rest of the site. Please don’t forget to leave us feedback - we are constantly looking to improve. Happy Hitchhiking!
Home
Welcome to Hitchhikers! 👋
To learn more about the platform we encourage you to get started by completing the Hitchhikers Program Track and earning your first badge!
Start Here
Close notification
Guide
Configure Webhooks
Arrow Back
Completed
Introduction
Introduction
completed
Completed 1
Step 1
Set Up your Webhook
completed
Completed 2
Step 2
Using Function Hooks
completed
Completed 3
Step 3
Webhook Verification
completed
home

Step 3: Webhook Verification

The following steps will describe how to optionally verify that a webhook request originated from Yext (and not a potentially malicious third party).

Before You Start

Check for the “Configure Security” button on the Webhooks page in your Developer Console. If you don’t see this button, reach out to your Client Success Manager or Yext Support so we can make sure this feature is enabled in your account.

We will provide you with a Signing Secret that is unique to your app. We’ll also include an X-Yext-Signature header to all our webhook requests, which will be the hash of the request’s body using the Signing Secret. Upon receipt of the request, you’ll use your Signing Secret to hash the request body. If the result matches the X-Yext-Signature header, you’ll know the request came from Yext.

How to Verify a Request

For the purpose of this exercise, we’ll assume you’ve enabled a webhook that sends a request whenever an entity is created or modified.

  1. Obtain the ‘X-Yext-Signature’ header from the incoming webhook request yext_signature = request.headers[‘X-Yext-Signature’]>> 2eb9d011edb8063d3a2df8057ae772bca7cf6c9d761afcf39dbeea0d810e182b

  2. Extract the body from the incoming webhook request

     request_body = request.body():
 {
  "meta": {
     "eventType": "ENTITY_UPDATED",
     "uuid": "14dec63a-80f3-4aef-8dbc-d39830396fa7",
     "timestamp": 1555090463175,
     "accountId": "2369309",
     "actor": "YEXT SYSTEM",
     "appSpecificAccountId": "50d8bc38a506e9bdba9fcaf103d6811b8212e0d3"
   },
   "entityId": "5600633438974399303",
   "primaryProfile": {
     "address": {
       "line1": "1 Madison Ave",
       "city": "New York",
       "region": "NY",
       "postalCode": "10010",
        "countryCode": "US"
     },
     "addressHidden": false,
      "name": "A location",
     "isoRegionCode": "NY",
     "timezone": "America/New_York",
     "yextDisplayCoordinate": {
       "latitude": 40.7410895,
       "longitude": -73.98750919999999
     },
     "yextRoutableCoordinate": {
       "latitude": 40.7411640951893,
       "longitude": -73.987830606551
     },
     "meta": {
       "accountId": "2369309",
       "uid": "3x7Dmg",
       "id": "5600633438974399303",
       "timestamp": "2019-04-12T17:34:23",
       "folderId": "0",
       "language": "en",
       "countryCode": "US",
       "entityType": "location"
     },
     "categoryIds": [
       "1857"
     ],
     "reviewGenerationUrl": "https://locationrater.com/tp/2zAkB5",
     "firstPartyReviewPage": "https://www.locationrater.com/survey/YS1sb2NhdGlvbi1uZXcteW9yay1uZXcteW9yay11cy0wM2UzOTc=",
     "timeZoneUtcOffset": "-04:00"
   },
   "languageProfiles": [],
   "changedFields": {
     "language": "en",
     "fieldNames": [
       "timezone"
     ]
   }
 }

  3. Pull your Signing Secret from the Yext Platform by clicking the “Configure Security” on the top right while configuring Webhooks for an app, and copy the Signing Secret. This example assumes signing_secret = df81b78b32e34680a1c87302bfdefa1a.

configure webhook security 4. Using HMAC SHA256 implemented in your preferred programming language, obtain a signature by hashing the request body using your Signing Secret as the key. You should use the hex digest of the hash. my_signature = hmac_sha256_hash(signing_secret, request_body) >>2eb9d011edb8063d3a2df8057ae772bca7cf6c9d761afcf39dbeea0d810e182b 5. Compare your calculated signature with the signature in the ‘X-Yext-Signature’ header on the request. If they match, the request came from Yext. If they do not match, please block the request. Feel free to reach out to API Support so we can investigate the inauthentic attempt.

Feedback
<% elem.innerText %>