Webhooks
Signed payloads with HMAC and a replay window.
Atlas signs every webhook payload with an HMAC computed over the delivery timestamp and the body, and pairs it with a replay window so the receiver can reject stale or replayed events. The management UI ships in a follow-up; the wire format is stable.
Event shapes
See /docs/api for every event shape. Each delivery includes the X-Atlas-Signature and X-Atlas-Timestamp headers; reject anything older than 5 minutes after parsing the body.
Verifying a signature
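import crypto from "node:crypto";

// Returns true only when ts is inside the replay window and sig equals the
// hex HMAC-SHA256 of `${ts}.${body}` under the shared secret.
function verify(body: string, sig: string, ts: string, secret: string): boolean {
  const window = Math.abs(Date.now() / 1000 - Number(ts));
  // A non-numeric ts gives NaN, and NaN > 300 is false, so test it explicitly.
  if (!Number.isFinite(window) || window > 300) return false; // 5-minute replay window
  const expected = crypto
    .createHmac("sha256", secret)
    .update(`${ts}.${body}`)
    .digest("hex");
  const expectedBuf = Buffer.from(expected);
  const sigBuf = Buffer.from(sig);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (sigBuf.length !== expectedBuf.length) return false;
  return crypto.timingSafeEqual(expectedBuf, sigBuf);
}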
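
The timestamp check alone still accepts a captured delivery that is sent again inside the 5-minute window. The following is an added example, not Atlas code: a receiver that authenticates the raw request bytes, remembers accepted signatures until they age out, and parses JSON only afterwards (this example's choice of ordering). The names handleDelivery, sign, seen, the verdict strings and the sample secret and body are assumptions made for illustration.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

const WINDOW_SECONDS = 300; // the page's 5-minute replay window
const seen = new Map<string, number>(); // accepted signature -> expiry (epoch seconds)

type Verdict = "ok" | "malformed" | "rejected" | "replayed";
type HeaderMap = Record<string, string | string[] | undefined>;

// Hypothetical sender-side helper: hex HMAC-SHA256 over `${ts}.${body}`, as verify() expects.
function sign(rawBody: Buffer, ts: string, secret: string): string {
  return createHmac("sha256", secret).update(`${ts}.`).update(rawBody).digest("hex");
}

function handleDelivery(headers: HeaderMap, rawBody: Buffer, secret: string,
                        now: number = Date.now() / 1000): Verdict {
  const sig = headers["x-atlas-signature"]; // Node lower-cases header names
  const ts = headers["x-atlas-timestamp"];
  if (typeof sig !== "string" || typeof ts !== "string") return "malformed";

  const age = Math.abs(now - Number(ts));
  if (!Number.isFinite(age) || age > WINDOW_SECONDS) return "rejected";

  // Authenticate the exact bytes received, not a re-serialised object.
  const expected = Buffer.from(sign(rawBody, ts, secret));
  const received = Buffer.from(sig);
  if (received.length !== expected.length) return "rejected";
  if (!timingSafeEqual(expected, received)) return "rejected";

  // Forget expired entries, then refuse a signature already accepted in the window.
  seen.forEach((expiry, key) => { if (expiry < now) seen.delete(key); });
  if (seen.has(sig)) return "replayed";
  seen.set(sig, Number(ts) + WINDOW_SECONDS);

  try {
    JSON.parse(rawBody.toString("utf8")); // parse only after authentication
  } catch {
    return "malformed";
  }
  return "ok";
}

// Constructed sample delivery (not real Atlas data).
const SAMPLE_SECRET = "constructed-secret";
const SAMPLE_BODY = Buffer.from('{"type":"constructed.event","id":"evt_1"}');
```

The in-memory Map only covers a single process; a receiver running several instances needs a shared store with the same expiry.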