Terra will always sign the webhook events it sends to your endpoint by including a signature in each event’s
terra-signature header. This allows you to verify that the events were sent by Terra and not by a malicious third party. You can verify signatures either using our official libraries, or manually using your own solution.
Using the raw request body
Make sure that the payload used by the signature verification function is the raw, unaltered payload straight from the incoming POST request.
i.e. do not load the JSON as an object, then pass it into the function
Updated 4 months ago