diff --git a/docs/mint.json b/docs/mint.json index a6b2d3bd..215209d9 100644 --- a/docs/mint.json +++ b/docs/mint.json @@ -72,7 +72,6 @@ "running-tasks/introduction", "running-tasks/api-spec", "running-tasks/webhooks-faq", - "running-tasks/totp-verification-code", "running-tasks/visualizing-results", "running-tasks/prompting-tips", "running-tasks/advanced-features" diff --git a/docs/running-tasks/advanced-features.mdx b/docs/running-tasks/advanced-features.mdx index 55561174..2c544f3a 100644 --- a/docs/running-tasks/advanced-features.mdx +++ b/docs/running-tasks/advanced-features.mdx @@ -20,3 +20,38 @@ Headers: Body: .. usual task body .. ``` + +## Time-based One-time Password (TOTP) + +Skyvern supports one-time password (see https://www.twilio.com/docs/glossary/totp for more information) by fetching it from your endpoint. You can pass `totp_verification_url` when [creating a task](/running-tasks/api-spec#request-initiate-a-task). Inside this endpoint hosted by you, you have to conform to the following schema: + +## Set Up Your TOTP Endpoint +For websites that requires a verification code to complete a task, you have to set up a TOTP endpoint for Skyvern to fetch the verification code. + +Here's the TOTP endpoint contract you should use: + +Request (POST): +| Parameter | Type | Required? | Sample Value | Description | +| --- | --- | --- | --- | --- | +| task_id | String | yes | tsk_123 | The task ID that needs the verification to be done | + +Response: +| Parameter | Type | Required? | Sample Value | Description | +| task_id | String | yes | tsk_123 | The task ID that needs the verification to be done | +| verification_code | String | no | 123456 | The verification code | + +## Validate The Sender of The Request +Same as the webhook API, your server needs to make sure it’s Skyvern that’s making the request. + +- a python example for how to generate and validate the signature: + +```python +def validate_skyvern_request_headers(request: Request) -> bool: + header_skyvern_signature = request.headers["x-skyvern-signature"] + payload = request.body() # this is a bytes + hash_obj = hmac.new(SKYVERN_API_KEY.encode("utf-8"), msg=payload, digestmod=hashlib.sha256) + client_generated_signature = hash_obj.hexdigest() + return header_skyvern_signature == client_generated_signature +``` + +SKYVERN_API_KEY: this is the [api key](/running-tasks/introduction) specific to your organization diff --git a/docs/running-tasks/totp-verification-code.mdx b/docs/running-tasks/totp-verification-code.mdx deleted file mode 100644 index ddf3325d..00000000 --- a/docs/running-tasks/totp-verification-code.mdx +++ /dev/null @@ -1,37 +0,0 @@ ---- -title: Time-based One-time Passowrd -description: 'How Skyvern gets the one time password from you?' ---- - -Skyvern supports one-time password by fetching it from your endpoint. You can pass `totp_verification_url` when creating a task. Inside this endpoint hosted by you, you have to conform to the following schema: - -## Set Up Your Time-based One-time Password (TOTP) Endpoint -For websites that requires a verification code (see https://www.twilio.com/docs/glossary/totp for more information) to complete a task, you have to set up a TOTP endpoint for Skyvern to fetch the verification code. - -Here's the TOTP endpoint contract you should use: - -Request (POST): -| Parameter | Type | Required? | Sample Value | Description | -| --- | --- | --- | --- | --- | -| task_id | String | yes | tsk_123 | The task ID that needs the verification to be done | - -Response: -| Parameter | Type | Required? | Sample Value | Description | -| task_id | String | yes | tsk_123 | The task ID that needs the verification to be done | -| verification_code | String | no | 123456 | The verification code | - -## Validate The Sender of The Request -Same as the webhook API, your server needs to make sure it’s Skyvern that’s making the request. - -- a python example for how to generate and validate the signature: - -```python -def validate_skyvern_request_headers(request: Request) -> bool: - header_skyvern_signature = request.headers["x-skyvern-signature"] - payload = request.body() # this is a bytes - hash_obj = hmac.new(SKYVERN_API_KEY.encode("utf-8"), msg=payload, digestmod=hashlib.sha256) - client_generated_signature = hash_obj.hexdigest() - return header_skyvern_signature == client_generated_signature -``` - -SKYVERN_API_KEY: this is the [api key](/running-tasks/introduction) specific to your organization