This guide will walk you through the process of setting up and using HMAC authentication in Vellum. HMAC authentication provides an additional layer of security for outgoing API calls and webhooks.
- Create a new secret token securely: You can do this in Python using the
secretsmodule. Here's a simple example:
- Provide your secret token to Vellum: Navigate to the API keys page. Click the "Provide HMAC Token" button and enter your secret token.
Only outgoing webhooks and API calls from Vellum include HMAC authentication.
Each request will contain two headers:
Verify the timestamp: Check that the value of
X-Vellum-Timestampis within the last 60 seconds.
Create the message string: Concatenate the following values together, separated by one newline character, into a new string
- The request method (GET, POST, etc)
- The request URL
- The request body
- Verify the signature. Use the HMAC algorithm with SHA-256 to verify the authenticity of