Webhook headers

`Webhook-Id`

The Webhook-Id header allows you to build an idempotent implementation if you wish to, in case the same webhook is sent more than once.

`Webhook-Signature`

The Webhook-Signature allows you to verify that the webhook is legitimate and comes from Flip's servers. In order to compute the signature, you will need to receive a signing key from Flip (please ask if you don't have it).

We follow the implementation recommended by the "standard-webhooks" standard. For more information, please check out their docs.

Here's an implementation in TypeScript:

Where:

body is the body of the webhook request

id is the value of the Webhook-Id header

signature is the value of the Webhook-Signature header

signingKey is the secret signing key provided by Flip

timestamp is the value of the Webhook-Timestamp header

`Webhook-Timestamp`

The Webhook-Timestamp header represents the UNIX time in seconds when the webhook was created. Use it to prevent replay attacks. The value should be within 10 minutes of the current time.

Webhook-Id#

Webhook-Signature#

Webhook-Timestamp#

`Webhook-Id`

`Webhook-Signature`

`Webhook-Timestamp`