How to use X-Hook-Signature for simple webhook verification
How to use X-Hook-Signature for HMAC-SHA512 webhook verification when writing a Python web server.
How to use X-Hook-Signature for simple webhook verification
How to use X-Hook-Signature when writing a Python web server
When building a webhook receiver in Python, you often need to verify the authenticity of incoming requests. The X-Hook-Signature header contains an HMAC-SHA512 digest of the request body, signed with a shared secret. The following curl command demonstrates how to compute the signature and send it alongside the payload, which your server can then verify.
1
2
3
curl -H "X-Hook-Signature: $(echo -n '{"key":"value"}' | openssl dgst -sha512 -hmac "secret" -hex | cut -d" " -f2)" \
-H "Content-Type: application/json" -d '{"key":"value"}' \
http://127.0.0.1:5000/create-group
This post is licensed under CC BY 4.0 by the author.