Validate HTTP-notifications

Every HTTP-notification sent by Cryptonator contains a secret_hash parameter.

A secret_hash contains the SHA-1 hash function value from packing ALL notification parameters together with your secret.

secret_hash = sha1(string&secret)

To check the integrity and authenticity of the received notification, compute the hash using the algorithm below. Compare the obtained data with the value of the secret_hash parameter in the received notification.

String format


String example


Should one of the received notification parameters has no value, simply insert & into the string.

Always check the value of the secret_hash parameter. This is necessary to verify the integrity of the notification data and to make sure that the notification was indeed sent by Cryptonator.