Stabilize webhook signature verifier

apisMEDIUMAPI CHALLENGE

Stabilize webhook signature verifier

Medium APIs arena: HMAC verification, replay windows, and raw body handling

XP reward

190

Coins

Target time

30m

Mission locked

Missing prerequisites: apis-easy-webhook-signature

An integration endpoint must reject spoofed or replayed webhook deliveries. You are working inside an API platform team, and the arena only clears when the result is safe, deterministic, and explainable.

Learning objective

Learn to apply HMAC verification, replay windows, and raw body handling in an API platform team while explaining the invariant, safety constraints, and hidden edge cases.

Mission order

Headers include timestamp, signature, delivery id, and event type. Handle normal data, malformed data, and deterministic ordering before optimizing. Submit the solution plus enough reasoning to pass hidden edge cases.

Visible checks

selects the safest option

Expected: B

includes justification

Expected: mentions correctness or risk

Clear requirements

Demonstrates HMAC verification, replay windows, and raw body handling
Handles the visible sample and hidden edge cases
Keeps output deterministic and explainable
Avoids unsafe dynamic execution

Secure validation contract

Judge type

API CHALLENGE

Complexity target

Contract remains stable under retries, pagination, errors, and abuse cases

Workspace

Code editor

locked

Clear the route first

You can read the mission brief, but the editor, hints, tests, and submit flow stay locked until progression or plan access catches up.

Enter Immersive

Test Results

Run the visible checks when your first pass is ready.

Clear Protocol

1Read the scenario and restate the expected output shape.

2Run visible checks before chasing hidden edge cases.

3Use Genie for one nudge if stuck, then explain the invariant.

4Submit only when the result is deterministic and safe.

Rewards

190

Coins

Mission Route

Previous Next

Back to catalog

Hints

Hints are metered and logged for No Hint Hero runs.

Genie Mentor Core

Hint protocol / contextual guardrails active

Progressive hints

Failed-test aware

Solution guarded

Mission: apis-medium-webhook-signature0 attempts0 failed tests0 hints used

Progressive hint depth

Genie: Genie online. I use your mission, attempts, failed tests, hints, and path context to coach the next rep without dumping answers first.

Related Missions

Stabilize cursor pagination contract

MEDIUM / 180 XP

Stabilize idempotency key design

MEDIUM / 185 XP

Stabilize rate limit error envelope

MEDIUM / 195 XP

Stabilize OpenAPI evolution review

MEDIUM / 200 XP

Stabilize cursor pagination contract noisy edge lab

MEDIUM / 230 XP

apisMEDIUMAPI CHALLENGE