We strongly recommend that developers use our signing libraries to verify the
Tl-Signature of received webhooks.
For example, our Java library:
Verifier.verifyWithJwks(jwks) .method("POST") .path(path) .headers(allWebhookHeaders) .body(body) .verify(webhookSignature);
We encourage the use of our signing libraries for easier integration.
If you want to verify webhook signatures, refer to our Github reference implementations and examples.
In particular, see this document, which describes the signing and verification scheme.
Updated about 2 months ago