Skip to content
← Back to Glossary
API Security Checked by Vezraa

Webhook Signature Verification

Cryptographically verifying that webhook events come from the expected service.

Webhook signature verification ensures the event was sent by the legitimate service (Razorpay, Stripe, GitHub, etc.) and wasn't tampered with. Implemented by computing an HMAC of the request body with a shared secret and comparing to the signature header.

Related Terms

See if your app is vulnerable

Vezraa checks for this security issues. Scan in 25 seconds.

Webhook Signature Verification — Security Glossary | Vezraa