Checking X-Loop-Signature Header

Example Webhook Validation Endpoints

See the code snippet in this recipe:

When receiving a webhook from Loop, use the secret provided for the webhook to create a sha256 HMAC of the request encoded as a base64 value. You can then compare that HMAC to the value that was provided in the X-Loop-Signature header of the request, to ensure that the values match. This will ensure that the request came from Loop.