Signing Webhooks
When Luly sends a webhook, it calculates a signature using the HMAC algorithm with the SHA-256 hash function. The signature is then included in theX-Webhook-Signature
header of the request
To create a webhook signing secret, first go to the Account Settings in the Dev Portal and click on the “Keys” tab.
Here you can create a new secret by clicking “Replace Secret”. It will only be shown once, so save it securely
Verifying Webhooks
To verify a webhook, you need to calculate the HMAC signature of the request body using the secret key and compare it to the signature in theX-Webhook-Signature
header.
Note that you must first create a webhook signing secret in the Account Settings in the Dev Portal
Here’s what an example response might look like: