Verify webhook signatures to confirm that received events are sent from Fasten Connect
Signing Secret
on the top right of the page.
Fasten Connect generates a unique secret key for each endpoint. If you use the same endpoint for both test and live API keys,
the secret is different for each one. Additionally, if you use multiple endpoints, you must obtain a secret for each one
you want to verify signatures for.
Webhook-Signature
header. Because this timestamp is part of the signed payload,
it’s also verified by the signature, so an attacker can’t change the timestamp without invalidating the signature.
If the signature is valid but the timestamp is too old, you can have your application reject the payload.
Fasten Connect generates the timestamp and signature each time we send an event to your endpoint. If Fasten Connect retries an
event (for example, your endpoint previously replied with a non-200 status code), then we generate a new signature and timestamp for the new delivery attempt.