Webhook Signature

You should grab the webhook signature value from the HTTP Header: as-signature-hmac-sha256.

You can recalculate the same signature by creating an HMAC with SHA256, using the provided webhook secret and the HTTP request body, for successful verification. You can also refer to the examples below for calculating a signature.

Please be aware that the header and format are not the same as our AfterShip product's webhooks. Please strictly follow this specification.

The following Node.js example demonstrates the computation of a webhook signature.


Note: For some of the existing organizations, the signature Header is am-webhook-signature and the header value is in the form of hmac-sha256={signature}. This only applies to organizations created before Oct 25, 2022