Webhook Signature

You should grab the webhook signature value from the HTTP Header: am-webhook-signature. This header will be in the form of hmac-sha256={signature}.

You can recalculate the same signature by creating an HMAC with SHA256, using the provided webhook secret and the HTTP request body, for successful verification. You can also refer to the examples below for calculating a signature.

Please be aware that the header and format are not the same as our AfterShip product's webhooks. Please strictly follow this specification.

The following Node.js example demonstrates the computation of a webhook signature.