From 19cf70dd739aa06971ee167706a9e68e2d6d2117 Mon Sep 17 00:00:00 2001
From: Tom Hacohen <tom@stosb.com>
Date: Fri, 15 Nov 2024 14:20:43 -0700
Subject: [PATCH] Manually verifying: add webhook verification example.

---
 .../receiving/verifying-payloads/how-manual.mdx | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/docs/receiving/verifying-payloads/how-manual.mdx b/docs/receiving/verifying-payloads/how-manual.mdx
index e4f24b4..37e6253 100644
--- a/docs/receiving/verifying-payloads/how-manual.mdx
+++ b/docs/receiving/verifying-payloads/how-manual.mdx
@@ -73,3 +73,20 @@ Please note that to compare the signatures it's recommended to use a constant-ti
 ### Verify timestamp
 
 As mentioned above, Svix also sends the timestamp of the attempt in the `svix-timestamp` header. You should compare this timestamp against your system timestamp and make sure it's within your tolerance in order to prevent timestamp attacks.
+
+
+### Example signatures
+
+Here is an example you can use to verify you implemented everything correctly. Please note that this may fail verification due to the timestamp being old.
+
+```javascript
+secret = 'whsec_plJ3nmyCDGBKInavdOK15jsl';
+payload = '{"event_type":"ping","data":{"success":true}}';
+msg_id = 'msg_loFOjxBNrRLzqYUe';
+timestamp = '1731705121';
+
+// Would generate the following signature:
+signature = 'whsec_plJ3nmyCDGBKInavdOK15jsl';
+```
+
+Additionally, you can use the [webhook simulation tool](https://www.standardwebhooks.com/simulate) to generate as many examples as you need.