Verify webhook signatures
Use our signing libraries to confirm that webhook events are sent by TrueLayer.
We strongly recommend that developers use our signing libraries to verify the Tl-Signature of received webhooks.
For example, our Java library:
Verifier.verifyWithJwks(jwks)
.method("POST")
.path(path)
.headers(allWebhookHeaders)
.body(body)
.verify(webhookSignature);
Verify webhooks without using libraries
Manual verification
We recommend that you use our signing libraries for easier integration.
To verify webhook signatures, refer to our Github reference implementations and examples.
In particular, see this page, which describes the signing and verification scheme.
Updated about 1 month ago