Eka-Webhook-Signature
in each request, which you can validate against your expected signature to confirm the webhook’s origin and integrity.
Eka-Webhook-Signature
header from the incoming webhook request. This header contains the signature and a timestamp.Eka-Webhook-Signature
with the generated signature to confirm the authenticity of the webhook request.Eka-Webhook-Signature
header in the following format:
Eka-Webhook-Signature
, prefixed by v1=
, to the expected signature. If they match, then you can trust that the event payload was issued by Eka Care and has not been tampered with.
Eka-Webhook-Signature
header, prefixed by t=
. Reject webhooks if the timestamp is too old based on a defined tolerance zone (e.g., 3 minutes).
In the example below, the tolerance zone is set to 3 minutes, so any webhooks received that are older than 3 minutes will be rejected.