Server

MFN puts really no constraints on the FTP server, as long as it is possible to upload files

HMAC Verification

Using the secret you provided when you setup the subscription, you can verify the received request content by the following algorithm. Our servers will send the the HMAC signature in the X-Hub-Signature header as described.

Below is an example of how verification of authenticity can be made using bash

#!/bin/bash
## file name valid_signature.sh
## Usage eg. 
## valid=$(./valid_signature.sh \
##             ./e0794633-5f0c-4edf-a4b3-4da07af8bb4a.json \
##             ./e0794633-5f0c-4edf-a4b3-4da07af8bb4a.header \
##             "the_secret_key")

NEWS_FILE=$1
HEADER_FILE=$2
HMAC_KEY=$3

news_signature=$(cat $NEWS_FILE \
    | openssl dgst -sha256 -hmac "${HMAC_KEY}" \
    | cut -d " " -f2)

header_signature=$(cat $HEADER_FILE \
    | grep "X-Hub-Signature" \
    | cut -d "sha256=" -f2)

if [ "$news_signature" = "$header_signature" ]; then
  echo true
  exit 0
fi

echo "News signature is not equal to provided signature header" 1>&2 
echo "$news_signature" != "$header_signature" 1>&2 
echo false
exit 1