Verify Payload
Your clients might want to verify the payload you sent them. For each Endpoint Webhouk generates a secret. You must provide it to your client, so that they can verify the payload Webhouk sends to them.
#
Get Endpoint SecretSecret is available via Dashboard:
or via API:
#
Verify Webhouk requestAfter you provide Endpoint Secret to your clients they are able to verify Webhouk request:
Every Webhouk request has 3 special headers:
wh-id
- unique message ID.wh-ts
- timestamp of when message was generated.wh-signature
- HMAC sha-256 based signature. It's generated for every id-ts-payload triplet, so if any of these 3 parameters have changed the signature changed as well.