Skip to main content

Documentation Index

Fetch the complete documentation index at: https://developer.sandbox.co.in/llms.txt

Use this file to discover all available pages before exploring further.

webhooks send real-time notifications to your app when specific events occur. When you subscribe to an event, Sandbox delivers the payload directly to your endpoint. For example, subscribing to tds.206-ab.done notifies you each time a 206AB job completes.

Configure webhooks

Set up your webhook url, subscribed events, and secret key in the Sandbox Console. See How to Configure Webhooks for step-by-step instructions.

Validate webhook signatures

When you configure a webhook secret, Sandbox generates a hash signature for each payload. Validate this signature to ensure the webhook is authentic. Sandbox includes the signature in the x-sandbox-signature header using a base64-encoded hash-based message authentication code (HMAC) with SHA-256. 
const crypto = require('crypto');

function validateWebhook(payload, signature, secret) {
  const expectedSignature = crypto
    .createHmac('sha256', secret)
    .update(JSON.stringify(payload))
    .digest('base64');
  
  return signature === expectedSignature;
}

// In your webhook handler
app.post('/webhook', (req, res) => {
  const signature = req.headers['x-sandbox-signature'];
  const isValid = validateWebhook(req.body, signature, WEBHOOK_SECRET);
  
  if (!isValid) {
    return res.status(401).send('Invalid signature');
  }
  
  // Process webhook
  res.status(200).send('OK');
});
Always validate webhook signatures before processing the payload to prevent unauthorized requests.