Signing Keys

Notification Signature

When a subscription is registered, the Encompass services platform notifies the client application about the event with a specific base64 encoded signature in the response header.
Notifications are signed by the Encompass platform, so that the subscriber (or a client application) can verify the identity of the sender and integrity of the message upon receiving the notification. Clients are expected to process notifications with only a valid Elli-Signature in their headers. The environment indicator and message signature are available in the Elli-Environment and Elli-Signature headers, respectively.

In addition, the Elli-SubscriptionId header contains a unique subscription ID that is assigned when the subscription is created. To validate the notification, the subscription ID maps to the subscription's signing key. The signing key serves as a password that either you can assign or can be automatically assigned by the Encompass platform. To learn more about the signing key, see Subscriptions.

📘

Forgot the Signing Key?

If you have forgotten or lost the signing key for a subscription, you can use the Get a Subscription API to retrieve it. Also, note that the signing key was previously known as the "Webhook secret".

The following sample code provides an example of how to generate the Elli-Signature header using a signingkey. The Elli-Signature you received from us in the notification header and the one you generate using the sample code should match.

var encoding = new System.Text.UTF8Encoding(); 

byte[] keyByte = encoding.GetBytes(secret);
byte[] messageBytes = encoding.GetBytes(message);
            
using (var hmacsha256 = new HMACSHA256(keyByte))
{
   byte[] hashmessage = hmacsha256.ComputeHash(messageBytes);
   return Convert.ToBase64String(hashmessage);
}