Events security

HMAC token

Each webhook POST request is signed with an HMAC token, that was generated with the same secret that Customate has provided to the client and webhook event id as a key.

It is required that the client validates this token before starting event processing.

HMAC token generation principles are the same as for the Authentication process.

Table of Contents