Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.jelou.ai/llms.txt

Use this file to discover all available pages before exploring further.

The X-Jelou-Signature header with format sha256=HMAC_HEX_DIGEST is used in both directions:
  • Verification: When receiving events from Jelou on your webhook, you must verify the signature to ensure integrity.
  • Generation: When sending messages to Jelou’s webhook (incoming_message), you must generate and send the signature.

Verification of events received from Jelou

All events sent by Jelou to the webhook include the X-Jelou-Signature header. It is recommended to always verify the signature. 
const crypto = require("crypto");

function verifySignature(payload, signature, signingSecret) {
    const expectedSignature = crypto
        .createHmac("sha256", signingSecret)
        .update(JSON.stringify(payload))
        .digest("hex");

    const expected = `sha256=${expectedSignature}`;

    return (
        signature.length === expected.length &&
        crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected))
    );
}

Signature generation for sending to Jelou

When the external provider sends a message to the end user via POST /v1/external-support/webhook, it must include the X-Jelou-Signature header with the HMAC-SHA256 signature of the body.
The body being signed must be the exact same string sent in the request. Serialize the payload with JSON.stringify() once and use that same string for both generating the signature and for the request body.
const crypto = require("crypto");

const payload = { /* your payload here */ };
const signingSecret = "your_signing_secret";

const body = JSON.stringify(payload);
const signature = crypto
    .createHmac("sha256", signingSecret)
    .update(body)
    .digest("hex");

console.log("Body (use as raw body):");
console.log(body);
console.log("\nX-Jelou-Signature:", `sha256=${signature}`);

Authentication headers sent by Jelou

Based on the authType configured in the integration, Jelou will send the corresponding header when invoking your webhook:
authTypeHeader sent
bearerAuthorization: Bearer {{token}}
api_keyX-API-Key: {{api_key}}
basicAuthorization: Basic {{base64_credentials}}
no_authNo authentication header