Documentation Index
Fetch the complete documentation index at: https://docs.corsa.finance/llms.txt
Use this file to discover all available pages before exploring further.
The SDK provides utilities for verifying webhook signatures sent from the Corsa API.
import os
from flask import Flask, request, abort
from corsa_sdk import verify_webhook_signature
app = Flask(__name__)
WEBHOOK_SECRET = os.environ["CORSA_WEBHOOK_SECRET"]
@app.route("/webhook", methods=["POST"])
def handle_webhook():
signature = request.headers.get("x-hub-signature-256")
if not signature:
abort(400, "Missing signature header")
raw_body = request.get_data(as_text=True)
if not verify_webhook_signature(WEBHOOK_SECRET, raw_body, signature):
abort(403, "Invalid signature")
event = request.get_json()
event_type = event.get("type", "unknown")
print(f"Received event: {event_type}")
print(f"Timestamp: {event.get('timestamp')}")
match event_type:
case "individual_client.created" | "individual_client.updated":
print(f"Client: {event['data']['id']}")
case "alert.created" | "alert.updated":
print(f"Alert: {event['data']['id']}")
case "case.created" | "case.updated":
print(f"Case: {event['data']['id']}")
case _:
print(f"Unhandled event type: {event_type}")
return "OK", 200
if __name__ == "__main__":
app.run(port=3000)
Signing Payloads (for Testing)
You can generate signatures locally to test your webhook handler:
from corsa_sdk import sign_webhook_payload
signature = sign_webhook_payload(
"your-webhook-secret",
'{"type":"alert.created","data":{"id":"abc-123"}}',
)
print(signature)
| Header | Description |
|---|
x-hub-signature-256 | HMAC SHA256 signature for verification. |
x-hook-id | Unique ID of the webhook configuration. |
x-hook-delivery | Unique ID for this delivery attempt. |
x-hook-event | The event type that triggered the webhook. |
x-request-id | Request trace ID. |
x-request-origin | Origin of the request. |
