Verifying webhook requests from the Apten API.
X-Signature-SHA256
header. The X-Signature-SHA256
header contains a HMAC SHA256
signature of the request body using your webhook secret. You can verify the signature by
recomputing the HMAC signature using the request body and your webhook secret, and comparing
it to the value in the X-Signature-SHA256
header.
==
operator. A safer alternative includes
crypto.timingSafeEqual
or compare_digest
, which helps protect you from
certain timing attacks against regular equality operators.