Although this step is optional, it is strongly recommend to improve security.


You can use this 3-step procedure to validate an individual webhook request to ensure it was sent by DG AutoCheck.


1. Get Verification Token

Note the Verification Token for your webhook.Every webhook notification sent to your endpoint URL will use the same verification token. This token will not change for your account.


2. Concatenate Token and Request

Once you have the Verification Token,concatenate that token along with the raw string representing the request body that was received. Do not convert the request body to any other type of object; if the library you're using automatically converts the request body to an object, look for a method to obtain the raw request body as text.


3. Calculate sha256 Hash

Calculate the sha256 hash of that concatenation. The result should match the contents of the X-DGAutoCheck-Signature header.