Security Intermediate

What is Webhook Signature Verification?

A security mechanism that verifies webhook payloads are authentic and unmodified using cryptographic signatures.

Webhook signature verification ensures incoming webhook requests genuinely come from the expected service and have not been tampered with. The sender computes a signature (HMAC-SHA256) over the payload using a shared secret and includes it in a request header.

The receiver recalculates the signature using the same secret and compares it with the value in the header. If they match, the webhook is authentic. Services like Stripe (Stripe-Signature), GitHub (X-Hub-Signature-256), and PayPal use this pattern. Always verify signatures to prevent spoofed webhook attacks.
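A receiver-side check for the scheme described above, as an added example that is not code from this page or from any of the named services. It assumes the header value has the form `sha256=<hex digest>` used by GitHub's X-Hub-Signature-256 (other providers format the header differently); the secret, payload and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values for this example (not real credentials or traffic).
SECRET = b"example-shared-secret"
BODY = b'{"event":"payment.succeeded","id":"evt_constructed_001"}'


def sign(secret: bytes, raw_body: bytes) -> str:
    """Sender side: HMAC-SHA256 over the exact bytes sent, as 'sha256=<hex>'."""
    digest = hmac.new(secret, raw_body, hashlib.sha256).hexdigest()
    return "sha256=" + digest


def verify(secret: bytes, raw_body: bytes, header_value) -> bool:
    """Receiver side: recompute the signature and compare in constant time."""
    # Reject a missing or malformed header before doing any comparison.
    if not isinstance(header_value, str) or not header_value.startswith("sha256="):
        return False
    expected = sign(secret, raw_body)
    # compare_digest does not reveal how many leading characters matched,
    # unlike ==, which can return early on the first differing character.
    return hmac.compare_digest(expected.encode(), header_value.encode())


if __name__ == "__main__":
    header = sign(SECRET, BODY)
    print("authentic request:", verify(SECRET, BODY, header))
    # Same JSON content, re-serialized with a space: the bytes differ, so the
    # signature no longer matches. Verify the raw body, not a parsed copy.
    reserialized = BODY.replace(b'":"', b'": "')
    print("re-serialized body:", verify(SECRET, reserialized, header))
    print("missing header:", verify(SECRET, BODY, None))
```

Pass `verify` the raw request bytes exactly as received; a body that has been parsed and re-encoded will usually fail the check even when it is authentic.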

Related Terms

Input Validation
The process of verifying that user-supplied data meets expected formats, types, and ranges before processing it.
OWASP Top 10
A regularly updated list of the ten most critical web application security risks, published by the Open Web Application Security Project.
Rate Limiting
A technique that controls the number of requests a client can make to a server within a specified time period.
SOC (Security Operations Center)
A centralized team and facility responsible for monitoring, detecting, analyzing, and responding to cybersecurity threats 24/7.
Vulnerability Scanning
Automated testing that identifies known security weaknesses in systems, applications, and network infrastructure.
Phishing
A social engineering attack that uses fraudulent communications to trick people into revealing sensitive information or installing malware.