Securing Your Log Drains
All drains support transport-level encryption using HTTPS or TLS protocols. We strongly recommend using them on production and reserving others for development and testing.
When your server starts receiving payloads, it could be a third party sending log messages to your server if they know the URL. Therefore, it is recommended to use HTTP Basic Authentication, or verify messages are sent from Epycbyte using an OAuth2 secret and hash signature.
Verifying Messages
To validate incoming payloads, you can compute the signature using an HMAC hexdigest from the secret token of the OAuth2 app and request body, then compare it with the value of the x-epycbyte-signature header.
Here's an example of how to implement this in a basic HTTP server:
server.js
const http = require('http');
const crypto = require('crypto');
http.createServer((req, res) => {
var body = '';
req.on('data', function(chunk) {
body += chunk;
});
req.on('end', function() {
if (!verifySignature(req, body)) {
res.statusCode = 403;
res.end("signature didn't match");
return;
}
res.end('ok');
});
}).listen(3000);
function verifySignature(req, body) {
const signature = crypto.createHmac('sha1', process.env.OAUTH2_SECRET)
.update(body)
.digest('hex');
return signature === req.headers['x-epycbyte-signature'];
}
Next Steps
- Learn about the available endpoints and their parameters.
- Understand the different kinds of errors you may encounter when using the Rest API.
- Familiarize yourself with the shared interfaces referenced across multiple endpoints.
- Explore how to use the REST API to build your Integrations and work with Redirect URLs.