Webhooks

Configure, validate, and replay webhooks.

TrustVerify pushes events to your configured webhook URL with an HMAC signature in the `X-TV-Signature` header.

Verify with your tenant's webhook secret using HMAC-SHA-256. Three retries with exponential backoff before the delivery moves to the dead-letter queue.

Node.js

const crypto = require('crypto');
function verify(rawBody, signature, secret) {
  const mac = crypto.createHmac('sha256', secret).update(rawBody).digest('hex');
  return crypto.timingSafeEqual(Buffer.from(mac), Buffer.from(signature));
}