APIs & Integrations

Not applicable

Thoughts on Webhook "auth"

We need to setup a webhook that subscribes to contact deletions.

What is the recommended method for us to confirm that the request originated from HubSpot as opposes to someone finding our endpoint and posting their own data to it?

0 Upvotes
2 Replies 2
Derek_Gervais
HubSpot Alumni
HubSpot Alumni

Thoughts on Webhook "auth"

Hi @homerlex,

We populate a X-HubSpot-Signature header with a SHA-256 hash of the concatenation of the app-secret for your application and the request body we’re sending. You can create your own hash using the request body and your client secret, and compare the two to confirm the webhook requests are coming from HubSpot.

0 Upvotes
Not applicable

Thoughts on Webhook "auth"

Perfect, thanks a bunch.