Secure your Webhook

Learn how to verify webhook signatures to make sure malicious actors can't send fake data to your server

Terra will always sign the webhook events it sends to your endpoint by including a signature in each event’s terra-signature header. This allows you to verify that the events were sent by Terra and not by a malicious third party. You can verify signatures either using our official libraries, or manually using your own solution.


Using the raw request body

Make sure that the payload used by the signature verification function is the raw, unaltered payload straight from the incoming POST request.
i.e. do not load the JSON as an object, then pass it into the function