Securing Webhook Issue - Coinbase

I’m trying to integrate coinbase payments into my site, I have got the api to work to create the charge but I am having a lot of trouble with the webhook to tell me when a charge has been completed

Reading the coinbase docs I need to submit my ‘shared secret code’ in the header of the response of the webhook and they respond with a code that I then have to unlock or something? See here:

So I think I have my shared secret token being sent to coinbase as a response to the webhook:

because when I send a test the webhook in the coinbase settings I get this response:

Can anyone tell me if I’m doing it correctly? I think now I have to decode the response I get from coinbase - does anyone have any idea of how to do this?

Any help at all would be a lifesaver!!

@sudsy @marty.lindsay @fabrice.latour04

I instead decided to secure the webhook by checking if the webhook is coming from the IP addresses that coinbase sends. If it doesn’t come from one of those addresses it doesn’t run. This isn’t as secure as decoding the webhook how coinbase suggests but I think it’s ok for now or until bubble makes this an easy process.

You can always add a valid authentification method in the header to make it more secure. :slight_smile:

1 Like

Thanks, yeah I’m doing that + the IP auth. I hope that’s enough!