504status code, it retries up three additional times, waiting longer between each call. For any other status code over
399, the API backs off on first try.
Certn-Signatureheader along with each request to your endpoints. This header allows you to confirm that the request came from us.
Certn-Signatureheader. Because this timestamp is part of the signed payload, it is also verified by the signature, so an attacker cannot change the timestamp without invalidating the signature. If the signature is valid but the timestamp is too old, you can have your application reject the payload.
2xxstatus code), then a new signature and timestamp is generated for the new delivery attempt.
Certn-Signatureheader included in each signed event contains a timestamp and one or more signatures. The timestamp is prefixed by
t=, and each signature is prefixed by a scheme. Schemes start with
v, followed by an integer. Currently, the only valid live signature scheme is
,character as the separator, to get a list of elements. Then split each element, using the
=character as the separator, to get a prefix and value pair.
tcorresponds to the timestamp, and
v1corresponds to the signature (or signatures). You can discard all other elements.
signed_payloadstring is created by concatenating:
signed_payloadstring as the message.
signed_payloadand splitting the
v1prefix from the signature):