Lookup Signature

POST /signature/lookup

Check whether the provided image contains a SASHA Signature.

Request

Responses

Successful operation

Callbacks

POST {$request.body#/callback_url}

Callback notification sent when a job status changes.

The callback payload contains the complete Job object with updated status information. Partners can use this callback to track the status of their jobs and to be notified when a job is complete so that they can get the result.

Partner Authentication Token

To authenticate that the callback request comes from SASHA, a pre-shared token is included in each callback request. Each partner is provided with a unique Partner Authentication Token that SASHA will include in the Authorization: Bearer <token> header when calling the Partner's callback endpoints.

Callback Payload Authentication

To protect the payload of the callback from tampering in transit, SASHA provides a signature of the request payload using the HMAC-SHA256 algorithm. The key for the HMAC-SHA256 algorithm is the Callback Secret that the Partner receives from SASHA.

The request signature is calculated over a few fields concatenated together:

HMAC-SHA256(request_method || request_url || request_id || request_payload)

Where || is the concatenation operator without any separator or padding.

  • The request method is the HTTP method of the request in uppercase, e.g. POST.
  • The request URL is the URL of the request without the fragment and query parameters.
  • The request id is the value of the SASHA-Request-ID header.
  • The request payload is the JSON request body.

The request signature is included in the SASHA-Request-Signature header.

While validating the signature is not mandatory, SASHA recommends doing so to ensure that the payload genuinely comes from SASHA and was not modified in transit.

Validating the request signature

Your application should verify that the callback request is genuine and was sent by SASHA before responding to the request. This is important for securing sensitive data and protecting your application from abuse.

SASHA includes the request signature in the SASHA-Request-Signature HTTP header.

Example

Here is an example of how to validate the request signature for the request below:

  • Callback Secret: 1234567890
  • Request method: POST
  • Request URL: https://your-app.com/callbacks/sasha-job-update
  • Request id: aa-b-c-d-ee
  • Request payload: {"job_id": "1234567890", "status": "completed"}

The concatenated string would be:

POSThttps://your-app.com/callbacks/sasha-job-updateaa-b-c-d-ee{"job_id": "1234567890", "status": "completed"}

The request signature is c977b19ba0bef139417b40a68fc904bdca2ddefa752ee6032ff5aa4607606c24.
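
A receiver-side check of the callback described above, as an added example (not SASHA's own code). It assumes the signature header carries lowercase hex as in the example value, that the string fields are UTF-8 encoded, and that headers arrive as a plain dict; the function names and the partner token value are hypothetical.

```python
import hashlib
import hmac
from urllib.parse import urlsplit, urlunsplit


def signing_input(method, url, request_id, raw_body):
    """method || url || request_id || payload, with no separator or padding."""
    parts = urlsplit(url)
    # The signed URL excludes query parameters and the fragment.
    bare_url = urlunsplit((parts.scheme, parts.netloc, parts.path, "", ""))
    return (method.upper() + bare_url + request_id).encode("utf-8") + raw_body


def sign(secret, method, url, request_id, raw_body):
    """Hex HMAC-SHA256 keyed with the Callback Secret (hex output is an assumption)."""
    msg = signing_input(method, url, request_id, raw_body)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_callback(secret, partner_token, method, url, headers, raw_body):
    """True only if both the bearer token and the payload signature match."""
    auth = headers.get("Authorization", "").encode("utf-8")
    if not hmac.compare_digest(auth, b"Bearer " + partner_token):
        return False
    request_id = headers.get("SASHA-Request-ID")
    received = headers.get("SASHA-Request-Signature")
    if not request_id or not received:
        return False  # fail closed when either header is missing
    expected = sign(secret, method, url, request_id, raw_body)
    # Constant-time compare: do not leak how much of the signature matched.
    return hmac.compare_digest(expected.encode(), received.strip().lower().encode())


if __name__ == "__main__":
    # Values from the example above; the partner token is a constructed placeholder.
    secret, token = b"1234567890", b"constructed-partner-token"
    url = "https://your-app.com/callbacks/sasha-job-update"
    body = b'{"job_id": "1234567890", "status": "completed"}'
    headers = {
        "Authorization": "Bearer constructed-partner-token",
        "SASHA-Request-ID": "aa-b-c-d-ee",
        "SASHA-Request-Signature": sign(secret, "POST", url, "aa-b-c-d-ee", body),
    }
    print(verify_callback(secret, token, "POST", url, headers, body))         # genuine
    print(verify_callback(secret, token, "POST", url, headers, body + b" "))  # altered body
```

Pass the body bytes exactly as received: re-serializing the parsed JSON changes whitespace and the signature will no longer match. Behind a reverse proxy, use the externally visible URL that SASHA called rather than the internal one.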

Request Identification

Each callback delivery includes a unique SASHA-Request-ID header that you can use for tracking, debugging, and ensuring idempotency.

Callback Responses

Callback received successfully