Skip to main content

Validating requests

All webhook requests from FreJun will contain a header called frejun-signature

To verify the signature:

  • Create a utf-8 encoded string that concatenates together Request Method + Request URI + Request Body
  • Generate an HMAC SHA-256 hash of the resulting string using your app's Client Secret as the secret and base64 encode the result
  • The request is valid if the resulting value matches frejun-signature