Your Webhooks
Signature Verification
Verify webhook authenticity using HMAC-SHA256:
const signature = req.headers['x-webhook-signature'];
const payload = JSON.stringify(req.body);
const expected = crypto
.createHmac('sha256', secret)
.update(payload)
.digest('hex');
const valid = signature === expected;Retry Policy
Failed deliveries are retried automatically:
- 3 retry attempts
- Exponential backoff (5s, 30s, 60s)
- Webhook disabled after 10 consecutive failures