This tool verifies HMAC-style webhook signatures for providers that sign the raw request payload with a shared secret.
How to use:
- Paste the exact raw Payload body that was sent by the webhook provider.
- Enter the shared Secret used to sign the request.
- Paste the incoming Provided signature exactly as received from the webhook header.
- Select the correct Algorithm and signature format, and optionally set a prefix such as
sha256=.
- Click Verify Signature to compare the supplied signature with the calculated HMAC and review both hex and Base64 outputs.