Secure Webhooks

Along with the Voice API, EnableX uses webhooks to enable your application to interact with the call. The EnableX server posts webhooks as asynchronous callbacks upon completion of certain requests made by the clients. The requests can succeed or fail. The result of a request is stored in the response body of the webhook.

How Are Webhooks Secured?

Webhooks are public URLs that are exposed by application developers on the application server. These URLs are called by the voice server on event completion.

As webhook URLs are accessible from the public network, it is important that they are encrypted and secured. For both inbound and outbound calls, the data is secured in the following ways:

  • While sending a webhook event, the server always encrypts the payload using AppID and sends other headers to support encoding/format types in the webhook event.
  • The server sends x-algorithm, x-encoding, and x-format header in all webhook requests, so that the client can decrypt the message with the same values with which the server has encrypted it.
  • The client decrypts the payload using AppID and the specified headers so that only the intended client can access the webhook message.

To understand how this works, take a look at the enxVoicelib.js file from the sample projects in GitHub. It is a nodejs file, which includes a crypto package and calls a decrypt with APP_ID that you have received from EnableX. The following code is included in your webhook event handler.

var crypto = require('crypto'); // Crypto package 
exports.decryptpacket = function(req, callback) {
try {
   if(req.body) {
   var key = crypto.createDecipher(req.headers['x-algoritm'], app_id);
   var decryptedData = key.update(req.body['encrypted_data'], req.headers['x- format'], req.headers['x-encoding']);
   decryptedData += key.final(req.headers['x-encoding']);
   let voice_event = JSON.parse(decryptedData);
   callback(voice_event);
   } else
     callback(null);
   } catch (e) {
     console.log('failed to decrypt the payload ' + e);
     callback(null);
   }
}

Note: All prompt files in the assigned prompt group may be used in your API call.

Need Help?

We're always ready to help you with your implementation as you start building your video application. You can reach out to our support team or check out the sample code on Github.

Stay updated with the latest at EnableX by checking our blogs.

To know more about our products and pricing , check out our products and pricing pages or reach out to our team.

Receive DTMF | Programmable Voice ServiceResources for Voice API & Voice Service