Skip to content

Commit

Permalink
Manually verifying: add webhook verification example.
Browse files Browse the repository at this point in the history
  • Loading branch information
@tasn
tasn committed Nov 15, 2024
1 parent 83b8f59 commit 19cf70d
Showing 1 changed file with 17 additions and 0 deletions.
17 changes: 17 additions & 0 deletions docs/receiving/verifying-payloads/how-manual.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -73,3 +73,20 @@ Please note that to compare the signatures it's recommended to use a constant-ti
### Verify timestamp

As mentioned above, Svix also sends the timestamp of the attempt in the `svix-timestamp` header. You should compare this timestamp against your system timestamp and make sure it's within your tolerance in order to prevent timestamp attacks.


### Example signatures

Here is an example you can use to verify you implemented everything correctly. Please note that this may fail verification due to the timestamp being old.

```javascript
secret = 'whsec_plJ3nmyCDGBKInavdOK15jsl';
payload = '{"event_type":"ping","data":{"success":true}}';
msg_id = 'msg_loFOjxBNrRLzqYUe';

Check warning on line 85 in docs/receiving/verifying-payloads/how-manual.mdx

View workflow job for this annotation

GitHub Actions / Check for typos 

"Ue" should be "Use" or "Due".
timestamp = '1731705121';

// Would generate the following signature:
signature = 'whsec_plJ3nmyCDGBKInavdOK15jsl';
```

Additionally, you can use the [webhook simulation tool](https://www.standardwebhooks.com/simulate) to generate as many examples as you need.

0 comments on commit 19cf70d

Please sign in to comment.