Verify Webhock event came from netatmo

The Netatmo API is a set of webservices allowing developers and third parties to access Netatmo device's data.
Post Reply
SwedishCoder
Posts: 1
Joined: 13 Jul 2020, 14:20

Verify Webhock event came from netatmo

Post by SwedishCoder » 13 Jul 2020, 14:24

We plan to integrate Netatmo, but for that we need a reliable way to test if the request came from Netatmo.
Is there a way to verify that the Webhock request came from Netatmo?
So far I have found one reference of [X-Netatmo-Secret] in the header whilst searching for this, but zero references on how this signature is calculated.
I am assuming this is using SHA256 to hash a secret using a combination of other header attributes as well as the client id/secret, but I have found absolutely nothing regarding this?

Could anyone elaborate if this is actually sent in the headers, and if so how it can be verified?

Post Reply

Return to “Netatmo API”