Skip to main content
Signs the request body with a cryptographic key and attaches the resulting signature as an HTTP header. This is a common pattern for webhooks and APIs: it lets the receiver confirm that a request came from a trusted party and that the body has not been changed along the way. Add it to an HTTP API connection and every request is signed automatically. It supports HMAC (with a shared secret) and RSA (with your private key), each in SHA-256 and SHA-512.

Fields

Sample data

This feature signs outgoing requests rather than transforming data, so there is no before/after to show. A typical configuration for GitHub-style webhook signing, which uses HMAC SHA-256 with a sha256= prefix, looks like this:
FieldValue
AlgorithmHMAC SHA-256
Shared secretyour-webhook-secret
Header nameX-Hub-Signature-256
Header contentsha256={signature}
EncodingHex
With these settings, every request carries a header such as X-Hub-Signature-256: sha256=<computed signature of the body>.