Mailmunch

MailMunch allows you to secure the incoming webhook request to your API endpoint by using a combination of your secret key and the request's timestamp.

In order to secure your requests, follow the few easy steps mentioned below.

Step 1: Edit your HTTP Post integration in your opt-in form's edit flow, and enter a Security Key.

Step 2: Once you've entered the secret key, all future webhook requests will contain the following two headers:

Authorization: SHA256 hash of your secret key and timestamp encoded with base64.

- X-Mailmunch-Time: Unix epoch
- Authorization: SHA256 hash of your secret key and timestamp encoded with base64.

The timestamp used for matching the authorization key should match with the timestamp in the X-MailMunch-Time header.

Here's a PHP code snippet to verify a secure request.

function is_secure_request() { $headers = getallheaders(); $time = $headers['X-Mailmunch-Time']; $authorization = isset($headers['Authorization']) ? $headers['Authorization'] : null; if (empty($authorization)) return false;

list($algo, $hash) = explode(' ', $authorization); $key = '#tToArng8YPJ4R'; // Replace with your own key

return hash('sha256', $key . $time, true) == base64_decode($hash); }

if (is_secure_request()) { // process contact }

HTTP Post (Webhook) Security Settings

Community

Product Demo

Video Tutorials

Find answers and get help from Intercom Support and Community Experts

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Title

Track the progress of all tickets related to your company.

Tickets portal.

{assigneeName} needs more information from you