Webhook signature helper
Every webhook Verified Workflows sends is signed with HMAC-SHA256. Use this tool to sign a payload locally, verify your handler accepts genuine signatures, and grab a sample payload to test against.
Generate a signature header
Paste your webhook secret and the raw payload you want to send. We'll return the exact X-VerifiedWorkflows-Signature header to attach to the request.
Verify an incoming signature
Confirm your verification logic is correct. Provide the same three values your handler would receive. We recompute the digest and check it in constant time, with a 5-minute replay-protection window.
Sample payloads
Fetch a realistic webhook body for each event the platform emits. Use it with the Sign tab to produce a signed request for your local handler — no real task required.
How to use this sample
Fetch the sample payload
Click Fetch sample above. Copy the raw_body field.
Sign it with your secret
Switch to the Sign tab, paste your webhook secret and the raw_body, then copy the resulting X-VerifiedWorkflows-Signature header value.
POST to your handler
Send the body and header to your local webhook endpoint. Your verification code should accept it. Re-run with Tamper payload in the Verify tab to confirm it rejects modified bodies.
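A handler-side check matching the Verify description and the three steps above, as an added example that is not Verified Workflows' own code. The header layout `t=<unix seconds>,v1=<hex digest>`, the signed string `<t>.<raw body>`, and the secret and body values are assumptions constructed for illustration; take the real layout from the Sign tab's output.

```python
import hashlib
import hmac
import time
from typing import Optional

TOLERANCE_SECONDS = 300  # the 5-minute replay-protection window

SECRET = b"whsec_constructed_example"   # constructed sample secret
BODY = b'{"event":"sample.event"}'      # constructed sample raw body


def sign(secret: bytes, raw_body: bytes, timestamp: int) -> str:
    """Build a header value in the assumed layout t=<ts>,v1=<hex HMAC-SHA256>."""
    signed = str(timestamp).encode() + b"." + raw_body  # assumed signed string
    digest = hmac.new(secret, signed, hashlib.sha256).hexdigest()
    return f"t={timestamp},v1={digest}"


def verify(secret: bytes, raw_body: bytes, header: str,
           now: Optional[int] = None) -> bool:
    """Return True only for a fresh, unmodified request; never raise on bad input."""
    now = int(time.time()) if now is None else now
    fields = dict(p.strip().split("=", 1) for p in header.split(",") if "=" in p)
    try:
        timestamp = int(fields["t"])
        claimed = fields["v1"]
    except (KeyError, ValueError):
        return False  # missing or malformed fields
    if abs(now - timestamp) > TOLERANCE_SECONDS:
        return False  # stale or far-future timestamp: treat as a replay
    expected = sign(secret, raw_body, timestamp).split("v1=", 1)[1]
    # Constant-time comparison: a mismatch reveals nothing about matching prefixes.
    return hmac.compare_digest(expected.encode(), claimed.encode())


def demo() -> dict:
    """Exercise the accept path and each rejection path with a fixed clock."""
    t0 = 1_700_000_000
    header = sign(SECRET, BODY, t0)
    return {
        "genuine": verify(SECRET, BODY, header, now=t0 + 10),
        "tampered": verify(SECRET, BODY + b" ", header, now=t0 + 10),
        "replayed": verify(SECRET, BODY, header, now=t0 + 301),
        "wrong_secret": verify(b"other", BODY, header, now=t0 + 10),
        "malformed": verify(SECRET, BODY, "garbage", now=t0 + 10),
    }


if __name__ == "__main__":
    print(demo())
```

Verify against the raw request bytes as received; re-serialising parsed JSON before hashing changes the bytes and makes genuine signatures fail.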