webhooks

WebHook POST requests include an X-Nivo-Signature header which you should use to validate that the request originated from Nivo before handling the request. This signature is a HmacSHA256 hash of the UTF-8 encoded body of the request using your_api_key as the shared secret.

WebHook POST requests also include an X-Nivo-Provider-ID and X-Nivo-Provider-Tag which you can use to determine which agent console initiated the WebHook request.

It is your responsibility to validate that the request originated from Nivo by confirming each request's signature.