Skip to content

v1.1.0 - Webhook Signature Verification

Latest
Latest

Choose a tag to compare

View all tags
@brancogao brancogao released this 17 Feb 19:11
· 1 commit to main since this release
v1.1.0
88b7cb2

What's New in v1.1.0

🔐 Webhook Signature Verification

Verify that incoming webhooks are authentic and haven't been tampered with. Supports the most popular services:

Service Signature Format Header
Stripe HMAC-SHA256 + timestamp Stripe-Signature
GitHub HMAC-SHA256 (sha256=) X-Hub-Signature-256
Slack HMAC-SHA256 (v0=) X-Slack-Signature
Shopify HMAC-SHA256 (base64) X-Shopify-Hmac-SHA256
Generic HMAC-SHA256 X-Hub-Signature / X-Webhook-Signature

🎛️ Endpoint Configuration UI

Manage your verification secrets directly from the UI. Each endpoint can have its own signing secret.

✅ Verification Status Display

See at a glance whether each webhook was verified:

  • Verified - Signature matches, webhook is authentic
  • Not Verified - Signature doesn't match or no secret configured

Security

  • All signature verification happens server-side
  • Secrets are stored securely in Cloudflare D1
  • Stripe verification includes timestamp check to prevent replay attacks

Try It Out

Live demo: https://webhook-debugger.autocompany.workers.dev

Full Changelog

See CHANGELOG.md

Assets 2
Loading