The signature header is a space delimited list of signatures associated with this webhook. The reason it is a list, and not just one signature is to support zero downtime secret rotation. The secret key used for the signature should not be changed under normal circumstances, but it may be required that it does change under some circumstances (e.g. compromise). Supporting zero downtime secret rotation means that webhook operations won’t be affected during the secret rotation process. (Webhook Standard webhooks: Standard Webhooks)


JSON

Return to list of all ( HTTP Header Fields | Web Concepts )