Webhooks
Cryptographic Handshake Ping for Webhook Validation
Deliver a signed webhook.ping test event to validate HMAC-SHA256 signature verification on a registered endpoint without triggering live compliance data.
POST
Python
Dispatches a mock
webhook.ping event to the registered callback URL, signed with the webhook’s current HMAC-SHA256 signing secret and delivered via the standard X-AgriBackup-Signature header. This lets your security engineering team verify that signature validation is correctly implemented before your integration goes live — no compliance data is processed or modified.
The ping payload follows the same structure as all production events, including eventType, eventId, timestamp, and attempt fields. Your endpoint should respond with HTTP 200 to acknowledge receipt.
What to Verify
Use the ping to confirm the following in your webhook handler:- The raw request body is read as bytes before any parsing.
HMAC-SHA256(signingSecret, rawBody)is computed and hex-encoded correctly.- The computed hash is compared to the
X-AgriBackup-Signatureheader using a constant-time comparison. - Your server returns
200 OKwithin the expected timeout window.
Rotate the HMAC-SHA256 Signing Secret for a Webhook
Previous
Permanently Delete an EUDR Webhook Registration
Next