Webhook Signatures
HarborGuard signs all webhook payloads with HMAC-SHA256, allowing you to verify that payloads originate from HarborGuard and have not been tampered with.
Signature Header
Each webhook request includes an X-HarborGuard-Signature header containing the HMAC-SHA256 signature of the request body.
Verification
- Read the raw request body (do not parse JSON first)
- Compute HMAC-SHA256 using your webhook secret as the key
- Compare the computed signature with the X-HarborGuard-Signature header
- Reject requests where signatures do not match
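The four verification steps above as a receiver-side check. This is an added example, not HarborGuard's own code. It assumes the header carries the hex-encoded digest (the page does not state the encoding), and the secret, payload, event name and function names are constructed for illustration.

```python
import hashlib
import hmac
import json

HEADER = "X-HarborGuard-Signature"  # header name from the page

# Constructed sample values, not real HarborGuard data.
SECRET = b"constructed-example-secret"
BODY = b'{"event": "scan.completed",  "severity":"high"}'  # irregular spacing on purpose


def compute_signature(secret: bytes, raw_body: bytes) -> str:
    # Assumption: the signature is the hex digest of HMAC-SHA256(secret, raw body).
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, raw_body: bytes, headers: dict) -> bool:
    """Return True only if the header matches the HMAC of the exact bytes received."""
    # HTTP header names are case-insensitive, so normalise before the lookup.
    received = {k.lower(): v for k, v in headers.items()}.get(HEADER.lower())
    if not received:
        return False  # missing or empty header: reject
    expected = compute_signature(secret, raw_body)
    # compare_digest takes the same time wherever the values differ, so
    # response timing does not reveal how much of a guessed signature matched.
    return hmac.compare_digest(expected.encode(), received.strip().encode())


def demo() -> dict:
    headers = {HEADER: compute_signature(SECRET, BODY)}
    # Parsing and re-serialising changes whitespace, so the bytes (and the
    # HMAC) no longer match: this is why step 1 says to read the raw body.
    reserialised = json.dumps(json.loads(BODY)).encode()
    return {
        "valid": verify_webhook(SECRET, BODY, headers),
        "tampered": verify_webhook(SECRET, BODY.replace(b"high", b"low"), headers),
        "reserialised": verify_webhook(SECRET, reserialised, headers),
        "missing_header": verify_webhook(SECRET, BODY, {}),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accept' if accepted else 'reject'}")
```

In a web framework, pass the unparsed request bytes as `raw_body` and parse the JSON only after `verify_webhook` returns True.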
Delivery History
View webhook delivery history, including response codes and retry attempts, from the channel detail page in Settings > Notifications.