Each webbook request is accompanied by 4 header values you can use to verify the authenticity of the request.

Name	Description
X-AUTHVIA-SIGNATURE	The hashed signature using the shared secret.
X-AUTHVIA-VALUE	The value hashed to generate the signature.
X-AUTHVIA-TIMESTAMP	EPOCH in seconds for when the signature was created.
X-AUTHVIA-ALGORITHM	The algorithm used to generate the signature. Always SHA-256.

This algorithm will look familiar if you have already created a token using the Signature Logic. The VALUE is the basis for the hashing algorithm, but its combined with its length and the timestamp.

So to check if the request is valid, use the signature that applies to the Subscription and create a SHA-256 hash on {X-AUTHVIA-VALUE}.{X-AUTHVIA-VALUE.length}.{X-AUTHVIA-TIMESTAMP}.

To create your own secret, you can pass secret as an attribute when creating a Subscription. Alternatively, one is generated for you at the Account level, though you will have to contact us to get this secret value.