FastSpring allows you to use a secret key to ensure that the payload received by the QLM License Server was indeed sent by FastSpring.
For more details about FastSpring's security, you can review these articles:
- Message / Secret Security for webhooks (FP Contextual)
- Fulfillment security
Webhook security
To configure webhook security (only required for FastSpring Contextual):
- In Fastspring, go to Integrations / Webhooks
- Edit the QLM Endpoint that you created
- Locate the HMAC SHA256 Secret field and copy the value to the clipboard
- Launch the QLM Management Console
- Go to the Manage Keys tab
- Click 3rd Party Extensions and then select FastSpring
- Paste the HMAC SHA256 Secret value in the Shared Key field.
Fulfillment security
To configure security for each fulfillment:
- In FastSpring, for a given product, locate the QLM fulfillment that you already created
- Edit the fulfillment and go to the Security tab
- Locate the Private Key field and copy the value to the clipboard
- Launch the QLM Management Console
- Go to the Manage Keys tab
- Click 3rd Party Extensions and then select FastSpring
- Paste the HMAC SHA256 Secret value in the API Key field.
Note that QLM supports a single private key for all FastSpring products so you must configure all your products in FastSpring to have the same private key.
Comments
0 comments
Please sign in to leave a comment.