Validation

To ensure the authenticity and integrity of webhook requests, all webhooks include cryptographic signatures that you should validate.

How to Validate

• Each webhook has a unique webhook secret. You can obtain the webhook secret from the Svix Portal access provided to you. Make sure not to commit this to a version control system.
• Each webhook request includes the following Svix headers:
  • svix-id - Unique identifier for the webhook message
  • svix-signature - HMAC signature for validation
  • svix-timestamp - Timestamp when the webhook was sent

Validation Methods

Option 1: Using the Svix SDK (Recommended)

You can use the Svix SDK to validate webhook requests in your preferred programming language. Follow this guide: Webhook Validation Guide.

Option 2: Manual Verification

If you prefer not to use the Svix SDK, you can manually verify the request using HMAC with SHA-256 by following this guide: Manual Verification Guide.