File tree Expand file tree Collapse file tree 1 file changed +15
-4
lines changed
Expand file tree Collapse file tree 1 file changed +15
-4
lines changed Original file line number Diff line number Diff line change @@ -171,11 +171,22 @@ public class SimpleMindeeClient {
171171 String jobId = client. enqueue(InternationalIdV2 . class, localInputSource)
172172 .getJob(). getId();
173173
174- // Load the JSON string sent by the Mindee webhook callback.
174+ // Load the JSON string sent by the Mindee webhook POST callback.
175175 //
176- // Reading the callback data will vary greatly depending on which
177- // HTTP server you are using, and is beyond the scope of this example.
178- LocalResponse localResponse = new LocalResponse (" {'json': 'data'}"
176+ // Reading the callback data will vary greatly depending on your HTTP server.
177+ // This is therefore beyond the scope of this example.
178+ String jsonData = myHttpServer. getPostBodyAsString();
179+ LocalResponse localResponse = new LocalResponse (jsonData);
180+
181+ // Verify the HMAC signature.
182+ // You'll need to get the "X-Mindee-Hmac-Signature" custom HTTP header.
183+ String hmacSignature = myHttpServer. getHeader(" X-Mindee-Hmac-Signature"
184+ boolean isValid = localResponse. isValidHmacSignature(
185+ " obviously-fake-secret-key"
186+ );
187+ if (! isValid) {
188+ throw new MyException (" Bad HMAC signature! Is someone trying to do evil?"
189+ }
179190
180191 // You can also use a File object as the input.
181192 // LocalResponse localResponse = new LocalResponse(new File("/path/to/file.json"));
You can’t perform that action at this time.
0 commit comments