Clustrix Global Clustrix Global
Sign In Sign Up
Help / API & Integrations
API & INTEGRATIONS

Verifying webhook signatures

Updated by Clustrix Admin · May 21, 2026 · 6 views

Headers we send:

  • X-Clustrix-Signature: t=TIMESTAMP,v1=HASH
  • X-Clustrix-Event
  • X-Clustrix-Delivery-Id

Verify it

$expected = hash_hmac("sha256", $rawBody, $signingSecret);\nif (!hash_equals($expected, $providedHash)) abort(400);

Was this helpful?

Related articles

Setting up your first API token