Signature verification

Webhook Signature Verification

Webhook signatures is your way to verify that webhook messages are sent by us. For a more detailed explanation, check out this article on why you should verify webhooks.

How to verify webhooks with Svix Libraries

Our webhook partner Svix offers a set of useful libraries that make verifying webhooks very simple. Here is an example using Javascript:

import { Webhook } from "svix";

const secret = "whsec_MfKQ9r8GKYqrTwjUPD8ILPZIo2LaLaSw";

// These were all sent from the server
const headers = {
"webhook-id": "msg_p5jXN8AQM9LWM0D4loKWxJek",
"webhook-timestamp": "1614265330",
"webhook-signature": "v1,g0hM9SsE+OTPJTGt/tmIKtSyZlE3uFJELVlNIOLJ1OE=",
};
const payload = '{"test": 2432232314}';

const wh = new Webhook(secret);
// Throws on error, returns the verified content on success
wh.verify(payload, headers);

📘
Secret access
To get your signature validation secret, you need to first add an endpoint through our webhooks UI: https://docs.ansa.dev/docs/webhooks#adding-an-endpoint
Once you've done that, you can find the signing secret on the endpoint page.

For more instructions and examples of how to verify signatures, check out their webhook verification documentation.

Webhook Signature Verification

How to verify webhooks with Svix Libraries

📘Secret access

📘
Secret access