OdyhookSign in

Signature verification

Odyhook verifies the inbound signature before persisting an event. Pick a verification style per source so Odyhook knows which header to read and how the signature was computed.

StyleHeader readWhat's signed
stripeStripe-Signature: t=<ts>,v1=<hex>HMAC-SHA256 of <ts>.<rawBody>. A 300s timestamp tolerance gives replay protection.
githubx-hub-signature-256sha256= + hex of HMAC-SHA256 over the raw body.
generic-sha256x-signature-256 (or x-signature)Hex of HMAC-SHA256 over the raw body, optionally sha256= prefixed.