Skip to content
Get Started Free

Webhook signing

  1. Each delivery includes X-ErrorNotifier-Signature.
  2. The signature format is t=<unix>,v1=<hmac-sha256>.
  3. Verify the HMAC over "<timestamp>.<raw body>" using the webhook secret.
  4. Reject stale timestamps and never trust unsigned payloads.
expected = hmac_sha256(timestamp + "." + raw_body, webhook_secret)