Learn how to verify webhook requests to ensure they’re coming from Dub.
Dub-Signature
header. Dub generates this header using a secret key that only you and Dub know.
An example header looks like this:
DUB_WEBHOOK_SECRET
). Do not commit it to git or add it in any client-side code.
Dub-Signature
header.SHA-256
hash function and the secret.HMAC
with the one sent in the Dub-Signature
header. If they match, the webhook is verified.