Fastspring HMAC validation

FastSpring allows you to use a secret key to ensure that the payload received by the QLM License Server was indeed sent by FastSpring.

For more details about FastSpring's security, you can review these articles:

Message / Secret Security for webhooks (FP Contextual)
Fulfillment security

Webhook security

To configure webhook security (only required for FastSpring Contextual):

In Fastspring, go to Integrations / Webhooks
Edit the QLM Endpoint that you created
Locate the HMAC SHA256 Secret field and copy the value to the clipboard
Launch the QLM Management Console
Go to the Manage Keys tab
Click 3rd Party Extensions and then select FastSpring
Paste the HMAC SHA256 Secret value in the Shared Key field.

Fulfillment security

To configure security for each fulfillment:

In FastSpring, for a given product, locate the QLM fulfillment that you already created
Edit the fulfillment and go to the Security tab
Locate the Private Key field and copy the value to the clipboard
Launch the QLM Management Console
Go to the Manage Keys tab
Click 3rd Party Extensions and then select FastSpring
Paste the HMAC SHA256 Secret value in the API Key field.

Note that QLM supports a single private key for all FastSpring products so you must configure all your products in FastSpring to have the same private key.

PreviousFastSpring - How to integrate with FastSpring's New Contextual Storefront for a Subscription Product NextGravity Forms Integration

Last updated 10 months ago