# Webhook Verification Here is a guide on how to verify Sendstack webhooks: 1. **Obtain the signature**: When you receive a webhook event, it includes a signature in the `x-sendstack-signature` header. This signature is generated by computing an HMAC with the SHA256 hash function, using your App Secret as the key, and the `webhookId` on the payload object. 2. **Compute your own signature**: To verify the authenticity of the webhook event, you need to compute your own signature using the same method as above. You can do this by computing an HMAC with the SHA256 hash function, using your App secret as the key, and the `webhookId` property on the payload as the message. 3. **Compare signatures**: Once you have computed your own signature, you can compare it to the signature provided in the `x-sendstack-signature` header. If the two signatures match, then you can be sure that the webhook event was sent by Sendstack and has not been tampered with. You can use a similar function as displayed below: ```javascript const crypto = require('crypto'); function verifySignature(payload, signature, appSecret) { const computedSignature = crypto .createHmac("sha256", appSecret) .update(JSON.stringify(payload.webhookId)) .digest('hex'); return crypto.timingSafeEqual( Buffer.from(signature), Buffer.from(computedSignature) ); } ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.sendstackhq.com/the-basics/webhook-verification.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.