- Type
/webhook manageon our Discord server. - In the menu that appears, specify the URL of your custom webhook.
- Before clicking the “Add” button, be sure to click the “Test” button.
- The system will send a test message. If it arrives — everything is configured correctly and the webhook is ready for use.
- After successful verification, click the “Add” button to activate data reception.
We do NOT support direct Discord webhooks. The system works exclusively with custom webhooks (your own handlers).
Requirements
Your endpoint must accept
POSTrequests with a JSON body.- These headers on every signed request:
X-Signature-Ed25519(hex-encoded Ed25519 signature).X-Signature-Timestamp(Unix timestamp string).
Your Endpoint Must:
- Read the raw bytes of the request body exactly as received (do not re-serialize JSON).
-
Read
X-Signature-Timestamp. -
Read
X-Signature-Ed25519. -
Verify the signature for:
message = timestamp + raw_bodyWheretimestampis the header value as a string, concatenated directly with the raw body bytes. -
Return:
- 2xx only if the signature is valid.
- 4xx if headers are missing, invalid, or signature verification fails.
Public Key
Use this Ed25519 public key (base64, SubjectPublicKeyInfo / SPKI):Implementation Details
Input Data
timestamp: exact string fromX-Signature-Timestamp.sigHex: exact string fromX-Signature-Ed25519(hex).rawBody: raw bytes of the request body.
Steps
- Decode
sigHexfrom hex to bytes. - Construct
messageas:timestampbytes in UTF-8- Immediately followed by
rawBody
- Verify the Ed25519 signature using the public key above.
Common Mistakes
- Do not use a parsed JSON object for verification. Use only raw body bytes.
- Do not add separators or spaces between the timestamp and body.
- Treat the signature as hex, not base64.
- Make sure your framework doesn’t consume the body before you capture it.
What events are sent?
Currently, the game sends webhooks for:- Messages starting with ;
- This allows creating custom in-game commands!
- Emergency Calls