Skip to content
This repository has been archived by the owner on Sep 20, 2024. It is now read-only.

Commit

Permalink
update reademe
Browse files Browse the repository at this point in the history
  • Loading branch information
jonchurch committed Dec 20, 2016
1 parent 4bce3f4 commit ef99221
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions readme-facebook.md
Original file line number Diff line number Diff line change
Expand Up @@ -55,10 +55,10 @@ Since Facebook delivers messages via web hook, your application must be availabl
When you are ready to go live, consider [LetsEncrypt.org](http://letsencrypt.org), a _free_ SSL Certificate Signing Authority which can be used to secure your website very quickly. It is fabulous and we love it.

## Validate Requests - Secure your webhook!
Facebook sends an X-HUB signature header with requests to your webhook. You can verify the requests are coming from Facebook by enabling `validate_requests: true` when creating your bot controller. This checks the sha1 signature of the incoming payload against your Facebook App Secret (which is seperate from your webhook's verify_token), preventing unauthorized access to your webhook. You must also pass your `fb_app_secret=` into your environment variables when running your bot.
Facebook sends an X-HUB signature header with requests to your webhook. You can verify the requests are coming from Facebook by enabling `validate_requests: true` when creating your bot controller. This checks the sha1 signature of the incoming payload against your Facebook App Secret (which is seperate from your webhook's verify_token), preventing unauthorized access to your webhook. You must also pass your `app_secret` into your environment variables when running your bot.

```
fb_app_secret=abcdefg12345 page_token=123455abcd verify_token=VerIfY-tOkEn node facebook_bot.js
app_secret=abcdefg12345 page_token=123455abcd verify_token=VerIfY-tOkEn node facebook_bot.js
```

The Facebook App secret is available on the Overview page of your Facebook App's admin page. Click show to reveal it.
Expand Down

0 comments on commit ef99221

Please sign in to comment.