Webhook Security
Learn how to implement signature verification for secure communication with webhooks
When creating webhooks, you have the option to provide a secret key for added security. This secret key is used to generate a signature for each outgoing payload. To ensure the integrity of incoming webhook payloads, you can validate the signature on your server.
To add a Webhook, go to the Developers tab of your Fuse account.
Providing a Secret Key
When creating or configuring a webhook, include a secret key in the webhook settings. This key is a shared secret between our server and the recipient of the webhook.
Signature Generation
The signature is generated using the HMAC (Hash-based Message Authentication Code) algorithm with SHA-256. The process involves creating a hexdigest using the secret key and the raw payload of the webhook.
Signature Verification
To validate the incoming webhook payload, you need to generate the signature on your end using the same process and compare it with the signature provided in the incoming request.
Example Code
Below are samples for HTTP requests that handle the signature verifcation process.