# Webhooks

## Authorization

AltDentifier will send an HMAC hexdigest using your server's signature as the key and the stringified payload as its body. Make sure not to share your signature. If you do so accidentally, regenerate the signature.

#### Python Example:

```python
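import hmac
import json

# `request` is the incoming request object from your web framework.
# The Digest header has the form "MD5=<hexdigest>"; keep the part after "=".
token = request.headers.get('Digest', '').split("=", 1)[-1]
# digestmod must be passed explicitly on Python 3.8+; the Digest header is MD5.
new_digest = hmac.new(key=b'yourkeyhere', msg=request.data, digestmod='md5').hexdigest()
# Constant-time comparison of the received and computed digests.
comparison = hmac.compare_digest(token, new_digest)

# NOTE: Never use new_digest == token as your comparison.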
```

{% hint style="warning" %}
Note: Webhooks will be sent using a proxy. Do not rely on IP addresses for verification.
{% endhint %}

## Webhook

<mark style="color:green;">`POST`</mark> `https://yourserver.com/webhook`

An example of the webhook AltDentifier will generate.

#### Headers

| Name         | Type   | Description                                                                                                                                                                              |
| ------------ | ------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Content-Type | string | application/json                                                                                                                                                                         |
| Digest       | string | MD5=(digest string)                                                                                                                                                                      |
| Signature    | string | <p>keyId="hmac-key-1",algorithm="hmac-md5","signature"=Base64(HMAC-MD5(signing string))<br>See <https://tools.ietf.org/id/draft-cavage-http-signatures-07.html> for more information</p> |

#### Request Body

| Name               | Type    | Description                                                                         |
| ------------------ | ------- | ----------------------------------------------------------------------------------- |
| member             | object  | Member object of the user being verified.                                           |
| incorrect\_account | string  | Member object of the account the user attempted to verify with. Only sent with OP 4. |
| reason             | string  | Reason for verification failing. Only sent with OP 2.                               |
| method             | string  | Verification method used. Only sent with OP 1 and 2.                                |
| timeout\_role      | string  | Timeout role. Only sent with OP 3 if action is "timeout".                           |
| action             | string  | Timeout action taken. Only sent with OP 3.                                          |
| OP                 | integer | The OP code for this webhook. See OP Codes for more info.                           |
| guild              | object  | Guild in which verification is taking place.                                        |

{% tabs %}
{% tab title="200 Please return a 200 or 204 when the signature is validated successfully and the request has been handled without issues!" %}

```
```

{% endtab %}

{% tab title="400 Please return a 4xx (excluding 403) when your application could not handle the webhook properly. AltDentifier will attempt to resend your webhook at increasing intervals, with a maximum of 8 tries." %}

```
```

{% endtab %}

{% tab title="403 Please return a 403: Forbidden if the signature fails to validate." %}

```
```

{% endtab %}
{% endtabs %}
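
The Digest check from the Authorization section and the response codes in the tabs above, combined into one framework-agnostic receiver. This is an added example, not AltDentifier's own code: `digest_is_valid` and `handle_webhook` are hypothetical names, and it assumes the digest covers the raw request body bytes, as in the Python example above.

```python
import hashlib
import hmac
import json

VALID_OPS = {0, 1, 2, 3, 4}  # OP codes listed on this page


def digest_is_valid(digest_header, raw_body: bytes, key: bytes) -> bool:
    """Check an 'MD5=<hexdigest>' Digest header against HMAC-MD5(key, raw_body)."""
    scheme, sep, received = (digest_header or "").partition("=")
    if not sep or scheme.strip().upper() != "MD5":
        return False
    expected = hmac.new(key, raw_body, hashlib.md5).hexdigest()
    # Compare as bytes: compare_digest raises TypeError on non-ASCII str input.
    return hmac.compare_digest(received.strip().lower().encode(), expected.encode())


def handle_webhook(headers: dict, raw_body: bytes, key: bytes):
    """Return (status, event) for one delivery. Hypothetical, framework-agnostic helper."""
    lowered = {name.lower(): value for name, value in headers.items()}
    # 1. Authenticate the exact bytes received, before parsing anything.
    if not digest_is_valid(lowered.get("digest"), raw_body, key):
        return 403, None
    # 2. Parse only authenticated data; a 4xx other than 403 triggers a resend.
    try:
        event = json.loads(raw_body)
    except ValueError:
        return 400, None
    op = event.get("OP") if isinstance(event, dict) else None
    if type(op) is not int or op not in VALID_OPS:
        return 400, None
    return 204, event


if __name__ == "__main__":
    key = b"constructed-test-key"  # constructed; use your server's signature
    body = json.dumps({  # constructed payload using this page's sample objects
        "OP": 1, "method": "steam",
        "member": {"id": "66166172835385344", "username": "Auxim", "discriminator": "0001"},
        "guild": {"id": "372024042980638721", "name": "Auxim Solutions"},
    }).encode()
    good = "MD5=" + hmac.new(key, body, hashlib.md5).hexdigest()
    print(handle_webhook({"Digest": good}, body, key)[0])             # valid delivery
    print(handle_webhook({"Digest": "MD5=" + "0" * 32}, body, key)[0])  # forged digest
```

Pass the body exactly as received: re-serializing parsed JSON can change whitespace or key order and make a genuine digest fail.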

### OP Codes

```
0: VERIFICATION STARTED
1: VERIFICATION PASSED
2: VERIFICATION FAILED
3: VERIFICATION IGNORED
4: ACCOUNT INCORRECT
```

### Member Object

```python
{"id": "66166172835385344", "username": "Auxim", "discriminator": "0001"}
```

### Guild Object

```python
{"id": "372024042980638721", "name": "Auxim Solutions"}
```

### Verification Methods

```
"steam": "Steam Verification"
"reddit": "Reddit Verification"
"twitter": "Twitter Verification"
"overwatch": "Overwatch Verification"
"captcha": "Google Captcha Verification"
"xbox": "Xbox Live Verification"
"youtube": "YouTube Verification"
"bypass": "A moderator allowed the user to skip verification"
```

### Timeout Actions

```
"kick": "Member will be kicked from the server by AltDentifier"
"ban": "Member will be banned from the server by AltDentifier"
"role": "Member will be given the timeout role by AltDentifier"
"nothing": "AltDentifier will take no action"
```
