Security & Verification

All webhooks include Standard Webhooks security headers for verification:
  • webhook-id: Unique identifier for the webhook event (used as idempotency key)
  • webhook-timestamp: Unix timestamp when the webhook was sent
  • webhook-signature: HMAC signature of the payload using your webhook secret
Use the Standard Webhooks libraries to verify webhook authenticity. See the verification documentation for implementation details.