Generating a 'handshake' value to verify Integration submissions
Submissions from our Webhook Integration feature will always include a handshake
value that your receiving script can optionally use to verify an Integration submission actually came from your account on our system. To generate this value, we take an MD5 hash of your E-junkie password, then tack your E-junkie login email in front of that hash, then re-hash the whole thing in MD5 again, like so:
md5(your_e-junkie_login_email+md5(your_e-junkie_password))
If your E-junkie login email and password became known to someone else, they could forge this hash, so you may prefer that your script only contains the hash itself, rather than containing your actual email and password to generate the hash on-demand. If you ever change your E-junkie login email or password, you'd need to update the hash reference in your listener script.
You can use any scripting language of your choice to compare the handshake
hash we transmit against a matching hash at your end. Here's an example using PHP:
<?php
// Put this in the top of your script, so if the handshake does not match, it will exit, but otherwise it runs the rest of your script:
if ($_POST['handshake']!==md5("your@login.email".md5("your_e-junkie_password")))
{
exit;
}else {
// Here is where you do whatever you wish with the order data variables. To illustrate the point, this example will just email the data to a given address:
mail ("user@example.com","Post from E-junkie", print_r($_POST,true));
}
?>
If you just want to provide your handshake
hash to a developer or third-party provider without disclosing your E-junkie login email and password to them, here's one way you can generate the hash manually:
- Visit an online MD5 hash generator site like this;
- Enter your E-junkie password in the text field and click the Generate or Submit button -- e.g., using
ExamplePassword
would get converted into a hash like so:
6a59e332352f3afab23e37096a66ec6b
; - Copy the hash generated and paste that back into the text field;
- Type your E-junkie login email in front of that pasted hash, like so:
user@example.com6a59e332352f3afab23e37096a66ec6b
- Click the Generate or Submit button again -- e.g., the example above would get converted to a final hash like so:
747a442c9bd86abb7803771136c1d802
- Copy and paste that final resulting hash to your developer or third-party provider.