Verification keys

Dispatch communicates with your app using HTTP webhooks. To confirm those requests come from Dispatch, it’s recommended to set up a verification key.

Note

Dispatch uses ED25519 asymmetric keys and the HTTP Messages Signatures standard for strong security.

Create a verification key

Use Dispatch CLI to generate a verification key.

dispatch verification rollout

The output should look something like this:

-----BEGIN PUBLIC KEY-----
vjTIrTmgMoFRn8b5L3VXJckgEbEJGBFFWTscB2WYoi1bGlew
-----END PUBLIC KEY-----

This is a public key that’s safe to share and store in the source code. Dispatch will use this key to sign all requests to your server.

Set up verification

To make Dispatch SDK verify incoming requests, store your verification key in a DISPATCH_VERIFICATION_KEY environment variable. Dispatch SDK will automatically detect this environment variable and enable request verification.