If your application exposes sensitive data or is possibly mutative to your data, then you may want to be sure that the HTTP requests to your web application are indeed coming from Stringee, and not a malicious third party. To allow you this level of security, Stringee cryptographically signs its requests. Here's how it works:
Stringee uses HMAC-SHA1 to sign the data that will be sent to your WebServer (via answer_url, event_url,...); where secret key is Project's Signing secret key and data is:
(i.e.: to event_url): the data is HTTP POST body
(i.e.: to answer_url): the data is Request-URI of the URL, which Stringee will send something to - after necessary parameters are appended, e.g.: your answer_url is
https://yourserver.com/test/answer_url-from_internal.phpthen the full URL, after parameters are appended, which Stringee will send GET request to receive SCCO will be
https://yourserver.com/test/answer_url-from_internal.php?from=user_1&to=user_2&fromInternal=true&userId=user_1&projectId=22512&callId=call-vn-1-ABCDWXKUQM-1542377678921&custom=Request-URI is (always starts with the slash "/"; if there is any space in URI, the space will be replaced with: %20):
/test/answer_url-from_internal.php?from=user_1&to=user_2&fromInternal=true&userId=user_1&projectId=22512&callId=call-vn-1-ABCDWXKUQM-1542377678921&custom=Request-URI is the data Stringee will use to sign with the key
Stringee sends this signature after base64_encode, in an HTTP header called X-STRINGEE-SIGNATURE