v1/organizations
WEBHOOK
Authorizations
The signature header follows the format t={timestamp},v1={signature}
.
Verification steps:
- Extract the timestamp and signature from the signature header
- Reject the request if the timestamp is older than 5 minutes
- Recreate the signed payload: '{timestamp}.{raw_request_body}'
- Compute HMAC-SHA256 of the signed payload using your webhook secret as the key
- Compare the computed signature with the one in the header
Body
application/json
Response
200
Webhook received successfully