API Reference
SupportStatusSign UpLogin

Enable HMAC webhook digest

put https://api.tatum.io/v3/subscription

This endpoint is compatible with our v4 Notifications product. To use it with v4, simply replace 'v3' with 'v4' in the request URL.

/v3/subscription

2 credits per API call.


Enable HMAC hash ID on the fired webhooks from Tatum API. In order to make sure that a webhook is sent by us, we have the possibility to sign it with the HMAC Sha512 Hex algorithm.
To verify that a webhook is sent by us

  1. Get a webhook x-payload-hash header value and payload as it is as a JSON file.
  2. Convert the HTTP webhook body to stringify JSON without any spaces. In JavaScript, you would do it like this 
    JSON.stringify(req.body)
  3. Perform calculations on your side to create a digest using Secret Key, webhook payload in bytes and HMAC SHA512 algorithm. JavaScript example: 
    require('crypto').createHmac('sha512', hmacSecret).update(JSON.stringify(req.body)).digest('base64')
    .
  4. Compare x-payload-hash header value with calculated digest as a Base64 string.

Language
Credentials
Header
Click Try It! to start a request and see the response here!