This guide explains how to verify a newly created webhook endpoint to start receiving webhook events from Blockmark Registry. Verification ensures that your endpoint is correctly configured and secure.
After creating a new webhook endpoint, you must verify it to activate webhook delivery. Blockmark Registry initiates the verification process by sending a JSON payload to your endpoint. The payload includes an event field set to endpoint.verify and a randomly generated secret string.
The following is an example of the JSON payload Blockmark Registry sends to your endpoint:
{
"event": "endpoint.verify",
"secret": "abc123"
}
To verify the endpoint:
Receive the Payload: Your endpoint must accept the JSON payload sent by Blockmark Registry.
Extract the Secret: Retrieve the secret field from the payload.
Respond with the Secret: Return the secret string in the response body with an HTTP 200 status code.
If the response is correct, your endpoint will be marked as verified, and it will begin receiving webhook events. If the response is incorrect (e.g., wrong secret or non-200 status), the endpoint remains unverified, and webhook delivery will not start.
Below is an example of how to handle the verification request using Node.js and Express:
const express = require('express');
const app = express();
app.use(express.json());
app.post('/webhook', (req, res) => {
const { event, secret } = req.body;
// Check if the request is for endpoint verification
if (event === 'endpoint.verify') {
// Respond with the secret and a 200 status
return res.status(200).send(secret);
}
// Handle other webhook events
return res.status(200).send({ message: 'Webhook received' });
});
Parse JSON: The express.json() middleware parses incoming JSON payloads.
Check Event Type: The code checks if the event field is endpoint.verify.
Respond with Secret: If the event is for verification, the secret is sent back in the response body with a 200 status.
Handle Other Events: Non-verification events can be processed as needed.
Verification Fails: Ensure your endpoint is publicly accessible, returns the exact secret string, and responds with a 200 status.
No Payload Received: Check your endpoint URL in the webhook settings and verify that your server is running and reachable.