Learn how to securely verify webhook signatures to ensure requests are from Exa
Exa-Signature
header, which contains:
t=
) indicating when the webhook was sentv1=
) computed using the timestamp and payloadExa-Signature
headerhmac.compare_digest()
in Python or crypto.timingSafeEqual()
in Node.js to prevent timing attacks.