1

Get your webhook secret

Log in to Doczilla and grab your webhook secret key from the organizations settings page.

2

Get the header

The x-doczilla-signature header is included in each webhook call containing a signature that you can verify.

Doczilla generates signatures using a hash-based message authentication code (HMAC) with SHA-256. To prevent downgrade attacks.

3

Verify the signature with raw body

To verify your webhook simply re-create the signature with your webhook secret and the raw body.

See also Webhook event for the full event payload.

Examples

Was this page helpful?