Webhook Authentication
Verifying events.
Always verify the origin of the events your webhook receives. This keeps bad actors from sending forged events that could harm your application.
You can verify the origin of your webhook events by:
- Validating the webhook signature - valid webhook events from Patricia are raised with an X-Patricia-Signature header, which is essentially an HMAC SHA512 of the event payload signed using your secret key.
- A set of IPs - All valid webhooks from Patricia will come from these IPs: xxx.xxxx.xxx, xxx.xxx.xxx
/**
* $payload - This is the payload sent by Patricia
* $secretKey - This is the secret key you get from Patricia dashboard.
*/
hash_hmac('sha512', json_encode($payload), $secretKey);
Static IP
Please note that all webhook requests from Patricia will come from this IP: 34.78.78.64. Requests from any other address should be ignored.
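Both checks combined in one receiver-side function, as an added example (not Patricia's own code). It assumes the header value is the lowercase hex string that `hash_hmac` returns; the function name, secret key and sample event are constructed for illustration.

```php
<?php
// Added example: the secret key and event body below are constructed.
const PATRICIA_WEBHOOK_IP = '34.78.78.64'; // static IP stated on this page

/**
 * True only if the request comes from the documented IP and its
 * X-Patricia-Signature matches the HMAC SHA512 of the payload.
 * $remoteIp must be the real peer address (behind a reverse proxy,
 * take it from the proxy you control, not from a client-sent header).
 */
function isValidPatriciaWebhook(
    string $remoteIp,
    ?string $signature,
    string $rawBody,
    string $secretKey
): bool {
    if ($remoteIp !== PATRICIA_WEBHOOK_IP) {
        return false;                       // wrong source address
    }
    if ($signature === null || $signature === '') {
        return false;                       // header missing: reject, never skip
    }
    $payload = json_decode($rawBody, true);
    if (!is_array($payload)) {
        return false;                       // body is not a JSON object or array
    }
    // Same computation as the snippet above. Note that decoding and
    // re-encoding can change bytes (an empty object {} becomes []).
    $expected = hash_hmac('sha512', json_encode($payload), $secretKey);
    // hash_equals compares in constant time, so timing does not leak the digest.
    return hash_equals($expected, $signature);
}

// In a real endpoint the inputs would come from:
//   $_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_X_PATRICIA_SIGNATURE'] ?? null,
//   file_get_contents('php://input')

// Constructed demo values.
$secretKey = 'sk_test_constructed_secret';
$rawBody   = '{"event":"payment.received","data":{"amount":1500,"currency":"NGN"}}';
$goodSig   = hash_hmac('sha512', json_encode(json_decode($rawBody, true)), $secretKey);

var_dump(isValidPatriciaWebhook('34.78.78.64', $goodSig, $rawBody, $secretKey));             // valid event
var_dump(isValidPatriciaWebhook('34.78.78.64', str_repeat('0', 128), $rawBody, $secretKey)); // forged signature
var_dump(isValidPatriciaWebhook('203.0.113.9', $goodSig, $rawBody, $secretKey));             // wrong source IP
var_dump(isValidPatriciaWebhook('34.78.78.64', null, $rawBody, $secretKey));                 // missing header
```

Respond to rejected requests with an error status and do not process the event body.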
Updated almost 3 years ago