Webhook Security

Signature verification

Verify webhook signatures to ensure requests come from Missinglettr.

Signature Verification

Each webhook includes an X-Webhook-Signature header containing an HMAC-SHA256 signature.

const crypto = require('crypto');

function verifySignature(payload, signature, secret) {
  const expected = crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');
  return signature === expected;
}

Events Python