Securing Your Adapter

How to validate requests to your adapter and sign responses

Any time that Chain.io calls your adapter, it will include a HMAC256 signed signature in the x-chainio-signature header. You must verify this header for every request to ensure that the call is coming from Chain.io. The secret used to sign the signature is the one you provide when you register the adapter. You can rotate this secret at any time by making a call to the /adapters/{id}/rotate_shared_secret api endpoint (see the api reference).

When you reply to the Chain.io callback URL, you must also sign the request with the same secret in the x-chainio-signature header. See the Quick Start guide for example code.


What’s Next