TiaoLi / 淘狸
工作台 监控池 账户

Webhooks

订阅事件,TiaoLi 会 HTTP POST 到你配置的 URL。每个投递都带 HMAC 签名防篡改

接收端校验签名

每个请求带 header TiaoLi-Signature: t={timestamp},v1={hmac}。接收端用 webhook secret 验证

Python 示例:

import hmac, hashlib
header = request.headers["TiaoLi-Signature"]
ts, sig = [p.split("=",1)[1] for p in header.split(",")]
expected = hmac.new(SECRET.encode(), f"{ts}.".encode() + request.body,
                    hashlib.sha256).hexdigest()
assert hmac.compare_digest(expected, sig)