Circleci Webhook Secret token decryption or validation

There is nothing in the docs about how I would validate the secret token from a circleci webhook.

Currently, when you enter one it adds a header to the request Circleci-Signature v1=*********.

I have no idea how to validate that this is from circleci nor how to decode it and I didn’t see anything in the docs describing it either.

Any help would be greatly appreciated, thanks.

Hi @fmc100 ,

Currently only the “v1” signature will be provided, and it is computed by
running HMAC-SHA256 on the request body, using the configured signing secret as
the secret key. We are working on updating the documentation, but here is a sample that shows how to decode/verify the signature:

If you have any additional questions please feel free to let me know!

Best Regards