Get Events Via Webhooks
Verify Webhooks
This guide highlights the steps to verify incoming webhooks using signatures
Webhook signatures are strings used to verify the validity of an incoming webhook event. This signature is passed as header values in the format: X-Neynar-Signature
.
The validation is an important process to prevent exploitation and malicious webhook requests.
Verification Process
1
Create a new signature string
Use an HMAC library of your choice to create a sha512 digest with the following:
- Shared secret - Find this on the Developer Portal
- Encoding format - This is always
hex
- Request payload - The request body object of the webhook POST
2
Compare the signatures
Compare the signatures from Step 1 and the request header X-Neynar-Signature
Example
Here’s an example of a Next.js API handler validating a signature from a request.
Appendix
- Caveats and additional details can be found here: Verification of simple signatures
Was this page helpful?