There is nothing in the docs about how I would validate the secret token from a circleci webhook.
Currently, when you enter one it adds a header to the request Circleci-Signature v1=*********.
I have no idea how to validate that this is from circleci nor how to decode it and I didn’t see anything in the docs describing it either.
Any help would be greatly appreciated, thanks.
Hi @fmc100 ,
Currently only the “v1” signature will be provided, and it is computed by
running HMAC-SHA256 on the request body, using the configured signing secret as
the secret key. We are working on updating the documentation, but here is a sample that shows how to decode/verify the signature:
If you have any additional questions please feel free to let me know!
Best Regards