For every event that occurs, a specific webhook notification is dispatched from the LICENSE4J Cloud servers. These requests originate from a designated IP address, referred to as 123.123.123.123. To enhance security, it is advisable to configure your webhook handler to accept requests exclusively from this specified IP address, thereby preventing unauthorized access from other sources. In addition to the IP address, each webhook request contains a crucial security feature in the form of a header labeled "LICENSE4J-Signature." This signature is generated using the HMAC SHA256 algorithm by using the secret key provided in the webhook configuration details.

To ensure the integrity and authenticity of the webhook, it is imperative to implement a verification process. This process entails recalculating the signature using the received data and the corresponding secret key. Once the new signature has been generated, it must be compared with the value included in the "LICENSE4J-Signature" header. A match between the two signatures confirms that the request is legitimate and has not been altered during transmission. This verification step is essential for maintaining the security of your application and for ensuring that only valid webhook requests are processed.

{
    "event": "license.generated",
    "time": "2025-01-01 10:10:11",
    "data": {
        "id": 1179014318968977348,
        "productId": 1446131546753861138,
        "productName": "Example Product 0",
        "licensekey": "MA2G7-PB9E3-69M4P-P557F-JCGCR",
        "licensetype": "Floating",
        "fullname": "Francine Hickey112",
        "email": "francine@optisoft.com",
        "company": "OptiSoft2",
        "maxAllowedUsage": 1,
        "validDays": 365,
        "features": "",
        "dateCreated": "2025-01-05 20:49:53",
        "dateUpdated": "2025-01-14 01:31:17",
        "dateExpires": null
    }
}