Skip to main content

Webhooks

Receive HTTP callbacks when document events occur. Learn more →

Registered webhooks (0)

Verifying webhook signatures

Every delivery includes an X-PhantomDocs-Signature header. Verify it with HMAC-SHA256:

// Node.js example
const crypto = require('crypto');

function verify(secret, rawBody, signature) {
  const expected = 'sha256=' +
    crypto.createHmac('sha256', secret).update(rawBody).digest('hex');
  return crypto.timingSafeEqual(
    Buffer.from(expected),
    Buffer.from(signature)
  );
}