Glossary

HMAC (Hash-based Message Authentication Code)

A cryptographic construction that produces a tag from a message and a shared secret, verifiable by anyone with the secret.

RateStack signs every webhook delivery with HMAC-SHA256 over ${timestamp}.${body} using the subscription secret. Verify with constant-time compare. Reject deliveries with timestamps older than 5 minutes.

Guide: Setting up webhooks safely

← Back to glossary