We currently support either HTTP or HTTPS URLs, so you can increase security by using an SSL-enabled URL. To further increase security, you may wish to take additional steps to ensure that information is coming from StoryChief.

When using HTTPS URLs

The easiest way is to include a secret key in the URL that you provide and check that GET parameter in your scripts, e.g: https://your-awesome-blog.com/webhook/storychief?secret=123456789

When using HTTP URLs

A SHA-256 calculated MAC (UTF-8 encoded) is sent along with all messages.

  • The hashed data is the complete JSON encoded payload without the HMAC.
  • The hash key is given in your channel configuration on StoryChief.


$KEY = 'your-key-from-StoryChief';
private function validMac($payload) {
   // copy the mac from array
   $givenMac = $payload['meta']['mac'];
   // removes the mac from array

   // recalculate the mac with you key
   $calcMac = hash_hmac('sha256', json_encode($payload), $KEY);

   // validate that calculated and given mac are the same
   return hash_equals($givenMac, $calcMac);

Handle a message →

Did this answer your question?