Get the public key and algorithm used to digitally sign webhook notifications. Verifying the digital signature ensures the notification came from Circle. In the headers of each webhook, you can find
X-Circle-Signature
: a header containing the digital signature generated by Circle.X-Circle-Key-Id
: a header containing the UUID. This is will be used as the ID
as URL parameter to retrieve the relevant public key.1const response = await client.getNotificationSignature('b3d9d2d5-4c12-4946-a09d-953e82fae2b0')
2console.log(response)
1{
2 "data": {
3 "id": "09379bc1-4871-45ad-8b8b-8027795df70d",
4 "algorithm": "ECDSA_SHA_256",
5 "publicKey": "QFkwewylAoZIzj0CBQYIKoZIzj0DAQcDQgAEEext6d7AimvYFDAKBwsUsGXrhqmRHNPYum7V/BwfvJLmJeSMe2V0b9eWKPuFxAEH8HCY/MSZdBI+q/E6IdPnSg==",
6 "createDate": "2023-06-01T18:18:06.931526Z"
7 }
8}