File tree Expand file tree Collapse file tree 1 file changed +9
-4
lines changed
npm-packages/docs/docs/production/integrations/log-streams Expand file tree Collapse file tree 1 file changed +9
-4
lines changed Original file line number Diff line number Diff line change @@ -71,13 +71,18 @@ logs via POST requests to any URL you configure. The only parameter required to
7171set up this stream is the desired webhook URL.
7272
7373A request to this webhook contains as its body a JSON array of events in the
74- schema defined below. The request body is signed using HMAC-SHA256 and encoded
75- as a lowercase hex string, and the resulting signature is included in the
74+ schema defined below.
75+
76+ ## Securing webhook log streams
77+
78+ Webhook log stream requests include a signature so you can verify that a request
79+ is legitimate. The request body is signed using HMAC-SHA256 and encoded as a
80+ lowercase hex string, and the resulting signature is included in the
7681` x-webhook-signature ` HTTP header. The HMAC secret is visible in the dashboard
7782upon configuring the webhook.
7883
79- To verify the authenticity of a webhook request, sign and encode the request
80- body using the HMAC secret and
84+ To verify the authenticity of a request, sign and encode the request body using
85+ the HMAC secret and
8186[ compare the result in constant time] ( https://www.chosenplaintext.ca/articles/beginners-guide-constant-time-cryptography.html )
8287(for instance using
8388[ ` SubtleCrypto.verify() ` ] ( https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/verify )
You can’t perform that action at this time.
0 commit comments