Webhook Subscriptions

To keep you updated on the status of your application in real time, we provide webhook event notifications. These notifications are sent to a registered callback URL, ensuring seamless communication between systems.

Register Your Callback URL

You will need to register a callback URL where webhook event notifications will be sent.

Verify Webhook Signature

To ensure the authenticity and integrity of a webhook event, a secure signature is included in the Signature header. This signature is generated using the HMAC-SHA256 hashing algorithm.

The signature is computed as follows:

  hash_hmac('sha256', [EVENT JSON], [SUBSCRIPTION SECRET])

Where:

  • [EVENT JSON] is the raw JSON payload of the event (before any parsing or modification).
  • [SUBSCRIPTION SECRET] is the secret key associated with the webhook subscription.

To verify the signature:

  1. Generate your own HMAC-SHA256 hash using the received event payload and your subscription secret.
  2. Compare your generated signature with the value from the Signature header.
    • If they match, the webhook event is authentic and has not been tampered with.
    • If they do not match, the event should be discarded as potentially unsafe.
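
One way to implement the verification steps above in Python, as an added example rather than the provider's own code. It assumes the Signature header carries the lowercase hex digest that hash_hmac returns by default; the secret, payload and function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample values, not real credentials or real event data.
SECRET = b"example-subscription-secret"
RAW_BODY = b'{"event":"application.updated","id":"evt_123"}'


def compute_signature(raw_body: bytes, secret: bytes) -> str:
    """Same result as hash_hmac('sha256', body, secret): a lowercase hex digest."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_webhook(raw_body: bytes, signature_header, secret: bytes) -> bool:
    """Return True only if the Signature header matches the raw request body."""
    if not signature_header:
        return False  # missing or empty header: discard the event
    expected = compute_signature(raw_body, secret).encode()
    # Assumption: the header value is the hex digest, possibly with whitespace.
    received = signature_header.strip().encode("utf-8", "replace")
    # Constant-time comparison, so response timing does not reveal
    # how many leading characters of a guessed signature were correct.
    return hmac.compare_digest(expected, received)


def demo() -> dict:
    """Run the check against a valid event and three events that must be discarded."""
    header = compute_signature(RAW_BODY, SECRET)  # what the sender would attach
    # Parsing and re-encoding changes whitespace, so the bytes no longer match.
    reserialized = json.dumps(json.loads(RAW_BODY)).encode()
    tampered = RAW_BODY.replace(b"evt_123", b"evt_999")
    return {
        "valid": verify_webhook(RAW_BODY, header, SECRET),
        "tampered": verify_webhook(tampered, header, SECRET),
        "reserialized": verify_webhook(reserialized, header, SECRET),
        "missing_header": verify_webhook(RAW_BODY, None, SECRET),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accept' if accepted else 'discard'}")
```

Pass the request body bytes exactly as received; the reserialized case shows that parsing and re-encoding the JSON before hashing breaks the match even though the content is unchanged.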