{"id":35959,"date":"2025-09-19T02:53:29","date_gmt":"2025-09-18T23:53:29","guid":{"rendered":"https:\/\/outscraper.com\/?p=35959"},"modified":"2026-04-08T19:02:01","modified_gmt":"2026-04-08T16:02:01","slug":"how-to-verify-webhook-request","status":"publish","type":"post","link":"https:\/\/outscraper.com\/es\/how-to-verify-webhook-request\/","title":{"rendered":"How to Verify Outscraper Webhook Request Signatures"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"35959\" class=\"elementor elementor-35959\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-9926d85 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"9926d85\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-72180bdb\" data-id=\"72180bdb\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-12b979d4 elementor-widget elementor-widget-text-editor\" data-id=\"12b979d4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p data-start=\"390\" data-end=\"609\">When you configure a webhook URL in your <a data-start=\"431\" data-end=\"467\" class=\"decorated-link\" target=\"_blank\" href=\"https:\/\/auth.outscraper.com\/integrations\" rel=\"noopener\">Outscraper<span aria-hidden=\"true\" class=\"ms-0.5 inline-block align-middle leading-none\"><svg width=\"20\" height=\"20\" viewbox=\"0 0 20 20\" fill=\"currentColor\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" data-rtl-flip=\"\" class=\"block h-[0.75em] w-[0.75em] stroke-current stroke-[0.75]\"><path d=\"M14.3349 13.3301V6.60645L5.47065 15.4707C5.21095 15.7304 4.78895 15.7304 4.52925 15.4707C4.26955 15.211 4.26955 14.789 4.52925 14.5293L13.3935 5.66504H6.66011C6.29284 5.66504 5.99507 5.36727 5.99507 5C5.99507 4.63273 6.29284 4.33496 6.66011 4.33496H14.9999L15.1337 4.34863C15.4369 4.41057 15.665 4.67857 15.665 5V13.3301C15.6649 13.6973 15.3672 13.9951 14.9999 13.9951C14.6327 13.9951 14.335 13.6973 14.3349 13.3301Z\"><\/path><\/svg><\/span><\/a> integration settings, our system will automatically send a <code data-start=\"527\" data-end=\"533\">POST<\/code> request with the scraped results to that URL whenever a task\/reuqest is finished.<\/p>\n<p data-start=\"611\" data-end=\"788\">For security, every webhook payload is signed using <strong data-start=\"663\" data-end=\"690\">your Outscraper API key<\/strong>. This allows you to verify that the webhook truly comes from Outscraper and has not been altered.<\/p>\n<h2 data-start=\"795\" data-end=\"822\">Step 1. Signature Header<\/h2>\n<p data-start=\"824\" data-end=\"876\">Every webhook request includes an additional header:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-57030b0 elementor-widget elementor-widget-code-highlight\" data-id=\"57030b0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-tomorrow copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-xml \">\n\t\t\t\t<code readonly=\"true\" class=\"language-xml\">\n\t\t\t\t\t<xmp>X-Hub-Signature-256: sha256=<signature><\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fd54ebe elementor-widget elementor-widget-text-editor\" data-id=\"fd54ebe\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul data-start=\"927\" data-end=\"1151\">\n<li data-start=\"927\" data-end=\"994\">\n<p data-start=\"929\" data-end=\"994\"><code data-start=\"929\" data-end=\"942\">&lt;signature&gt;<\/code> is an HMAC-SHA256 digest of the raw JSON payload.<\/p>\n<\/li>\n<li data-start=\"995\" data-end=\"1049\">\n<p data-start=\"997\" data-end=\"1049\">It is generated using <strong data-start=\"1019\" data-end=\"1046\">your Outscraper API key<\/strong>.<\/p>\n<\/li>\n<li data-start=\"1050\" data-end=\"1151\">\n<p data-start=\"1052\" data-end=\"1151\">To verify authenticity, you need to compute the same digest locally and compare it with the header.<\/p>\n<\/li>\n<\/ul>\n<h2 data-start=\"1013\" data-end=\"1047\">Step 2. Example Webhook Request<\/h2>\n<p data-start=\"1049\" data-end=\"1095\">Here\u2019s what a real webhook request looks like:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4987bff elementor-widget elementor-widget-code-highlight\" data-id=\"4987bff\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-tomorrow copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-http \">\n\t\t\t\t<code readonly=\"true\" class=\"language-http\">\n\t\t\t\t\t<xmp>POST \/webhooks HTTP\/1.1\nHost: your-domain.com\nContent-Type: application\/json\nX-Hub-Signature-256: sha256=7b6b9d07b1c0d7ff3b4b3fcecbf9c08a5f6c2a248ef12c7a37a7269d3a5b1b93\n\n{\n  \"id\": \"your-request-id\",\n  \"user_id\": \"your-user-id\",\n  \"status\": \"SUCCESS\",\n  \"api_task\": true,\n  \"results_location\": \"https:\/\/api.outscraper.cloud\/requests\/your-request-id\",\n  \"quota_usage\": [\n    {\n      \"product_name\": \"Google Maps Data\",\n      \"quantity\": 1\n    }\n  ]\n}\n<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-5c3f269 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"5c3f269\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-5528caf\" data-id=\"5528caf\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-d9fe1c5 elementor-widget elementor-widget-text-editor\" data-id=\"d9fe1c5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 data-start=\"1637\" data-end=\"1657\">Step 3. Verifying<\/h2>\n<p data-start=\"1659\" data-end=\"1697\">To verify a webhook request, you must:<\/p>\n<ol data-start=\"1699\" data-end=\"1983\">\n<li data-start=\"1699\" data-end=\"1758\">\n<p data-start=\"1702\" data-end=\"1758\">Read the <strong data-start=\"1711\" data-end=\"1731\">raw JSON payload<\/strong> (not the parsed object).<\/p>\n<\/li>\n<li data-start=\"1759\" data-end=\"1833\">\n<p data-start=\"1762\" data-end=\"1833\">Compute an HMAC-SHA256 digest of this payload using your <strong data-start=\"1819\" data-end=\"1830\">API key<\/strong>.<\/p>\n<\/li>\n<li data-start=\"1834\" data-end=\"1928\">\n<p data-start=\"1837\" data-end=\"1928\">Prepend it with <code data-start=\"1853\" data-end=\"1864\">\"sha256=\"<\/code> and compare to the value in the <code data-start=\"1897\" data-end=\"1918\">X-Hub-Signature-256<\/code> header.<\/p>\n<\/li>\n<li data-start=\"1929\" data-end=\"1983\">\n<p data-start=\"1932\" data-end=\"1983\">Reject the request if the signatures don\u2019t match.<\/p>\n<\/li>\n<\/ol>\n<h3 data-start=\"1985\" data-end=\"2003\">Python Example<\/h3>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-20b4807 elementor-widget elementor-widget-code-highlight\" data-id=\"20b4807\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-tomorrow copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-python \">\n\t\t\t\t<code readonly=\"true\" class=\"language-python\">\n\t\t\t\t\t<xmp>import hmac\nimport hashlib\nimport json\nfrom flask import Flask, request, abort\n\napp = Flask(__name__)\n\nAPI_KEY = \"your_api_key_here\"  # your Outscraper API key\n\ndef generate_hmac_sha256(secret: str, data: str) -> str:\n    return hmac.new(secret.encode(\"utf-8\"), data.encode(\"utf-8\"), hashlib.sha256).hexdigest()\n\n@app.route(\"\/webhooks\", methods=[\"POST\"])\ndef webhook():\n    # Raw JSON payload as text\n    payload = request.get_data(as_text=True)\n    # Signature header from Outscraper\n    signature_header = request.headers.get(\"X-Hub-Signature-256\", \"\")\n\n    # Compute expected signature\n    expected_signature = \"sha256=\" + generate_hmac_sha256(API_KEY, payload)\n\n    # Secure comparison\n    if not hmac.compare_digest(signature_header, expected_signature):\n        abort(401, \"Invalid signature\")\n\n    data = json.loads(payload)\n    print(\"Verified payload:\", data)\n\n    return \"ok\", 200\n<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-15df986 elementor-widget elementor-widget-text-editor\" data-id=\"15df986\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3 data-start=\"2916\" data-end=\"2935\">Node.js Example<span style=\"font-size: 18px;\"><\/span><\/h3>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-60fbde2 elementor-widget elementor-widget-code-highlight\" data-id=\"60fbde2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-tomorrow copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-javascript \">\n\t\t\t\t<code readonly=\"true\" class=\"language-javascript\">\n\t\t\t\t\t<xmp>const crypto = require(\"crypto\");\nconst express = require(\"express\");\nconst bodyParser = require(\"body-parser\");\n\nconst app = express();\napp.use(bodyParser.json({ verify: (req, res, buf) => { req.rawBody = buf.toString() } }));\n\nconst API_KEY = \"your_api_key_here\"; \/\/ your Outscraper API key\n\nfunction generateHmacSha256(secret, data) {\n  return crypto.createHmac(\"sha256\", secret).update(data, \"utf8\").digest(\"hex\");\n}\n\napp.post(\"\/webhooks\", (req, res) => {\n  const signature = req.headers[\"x-hub-signature-256\"];\n  const expected = \"sha256=\" + generateHmacSha256(API_KEY, req.rawBody);\n\n  if (!crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected))) {\n    return res.status(401).send(\"Invalid signature\");\n  }\n\n  console.log(\"Verified payload:\", req.body);\n  res.send(\"ok\");\n});\n\napp.listen(3000, () => console.log(\"Webhook listener running on port 3000\"));\n<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-612e8b6 elementor-widget elementor-widget-text-editor\" data-id=\"612e8b6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3 data-start=\"2916\" data-end=\"2935\">PHP Example<span style=\"font-size: 18px;\"><\/span><\/h3>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3314e70 elementor-widget elementor-widget-code-highlight\" data-id=\"3314e70\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-tomorrow copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-php \">\n\t\t\t\t<code readonly=\"true\" class=\"language-php\">\n\t\t\t\t\t<xmp><?php\n$API_KEY = \"your_api_key_here\"; \/\/ your Outscraper API key\n\n\/\/ Get raw POST body\n$payload = file_get_contents(\"php:\/\/input\");\n\n\/\/ Get signature from headers\n$signatureHeader = $_SERVER[\"HTTP_X_HUB_SIGNATURE_256\"] ?? \"\";\n\n\/\/ Compute expected signature\n$expectedSignature = \"sha256=\" . hash_hmac(\"sha256\", $payload, $API_KEY);\n\n\/\/ Compare securely\nif (!hash_equals($expectedSignature, $signatureHeader)) {\n    http_response_code(401);\n    die(\"Invalid signature\");\n}\n\n\/\/ Decode and process verified payload\n$data = json_decode($payload, true);\nerror_log(\"Verified payload: \" . print_r($data, true));\n\nhttp_response_code(200);\necho \"ok\";\n<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-932bd3a elementor-widget elementor-widget-text-editor\" data-id=\"932bd3a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 data-start=\"3837\" data-end=\"3880\">Step 4. What to Do if Verification Fails<\/h2><p data-start=\"3882\" data-end=\"3934\">If the computed signature does not match the header:<\/p><ul data-start=\"3935\" data-end=\"4052\"><li data-start=\"3935\" data-end=\"3979\"><p data-start=\"3937\" data-end=\"3979\">Reject the request (<code data-start=\"3957\" data-end=\"3975\">401 Unauthorized<\/code>).<\/p><\/li><li data-start=\"3980\" data-end=\"4020\"><p data-start=\"3982\" data-end=\"4020\">Log the attempt for debugging\/audit.<\/p><\/li><li data-start=\"4021\" data-end=\"4052\"><p data-start=\"4023\" data-end=\"4052\">Do not process the payload.<\/p><\/li><\/ul><h2 data-start=\"4059\" data-end=\"4077\">Step 5. Testing<\/h2><p data-start=\"4079\" data-end=\"4240\">You can test your verification logic by triggering a webhook from Outscraper.<br data-start=\"4156\" data-end=\"4159\" \/>The signature will always validate correctly as long as you use your <strong data-start=\"4228\" data-end=\"4239\">API key<\/strong>.<\/p><h2 data-start=\"4247\" data-end=\"4257\">Summary<\/h2><ul data-start=\"4259\" data-end=\"4540\"><li data-start=\"4259\" data-end=\"4321\"><p data-start=\"4261\" data-end=\"4321\">All Outscraper webhooks are signed using <strong data-start=\"4302\" data-end=\"4318\">your API key<\/strong>.<\/p><\/li><li data-start=\"4322\" data-end=\"4405\"><p data-start=\"4324\" data-end=\"4355\">Verify requests by computing:<\/p><div class=\"contain-inline-size rounded-2xl relative bg-token-sidebar-surface-primary\"><div class=\"sticky top-9\"><div class=\"absolute end-0 bottom-0 flex h-9 items-center pe-2\"><div class=\"bg-token-bg-elevated-secondary text-token-text-secondary flex items-center gap-4 rounded-sm px-2 font-sans text-xs\"><\/div><\/div><\/div><div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"whitespace-pre!\"><span><span class=\"hljs-built_in\">sha256<\/span>(HMAC(api_key, raw_payload))<br \/>\n<\/span><\/code><\/div><\/div><\/li><li data-start=\"4407\" data-end=\"4477\"><p data-start=\"4409\" data-end=\"4477\">Compare the computed digest with the <code data-start=\"4446\" data-end=\"4467\">X-Hub-Signature-256<\/code> header.<\/p><\/li><li data-start=\"4478\" data-end=\"4540\"><p data-start=\"4480\" data-end=\"4540\">Only process verified requests to keep your system secure.<\/p><\/li><\/ul><h2 data-start=\"247\" data-end=\"260\">References<\/h2><p data-start=\"262\" data-end=\"372\">The method Outscraper uses is the same approach trusted by major platforms for verifying webhook authenticity:<\/p><ul data-start=\"374\" data-end=\"1079\"><li data-start=\"374\" data-end=\"564\"><p data-start=\"376\" data-end=\"564\"><a data-start=\"376\" data-end=\"492\" rel=\"noopener\" target=\"_new\" class=\"decorated-link cursor-pointer\">GitHub Webhooks: Securing your webhooks<span aria-hidden=\"true\" class=\"ms-0.5 inline-block align-middle leading-none\"><svg width=\"20\" height=\"20\" viewbox=\"0 0 20 20\" fill=\"currentColor\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" data-rtl-flip=\"\" class=\"block h-[0.75em] w-[0.75em] stroke-current stroke-[0.75]\"><path d=\"M14.3349 13.3301V6.60645L5.47065 15.4707C5.21095 15.7304 4.78895 15.7304 4.52925 15.4707C4.26955 15.211 4.26955 14.789 4.52925 14.5293L13.3935 5.66504H6.66011C6.29284 5.66504 5.99507 5.36727 5.99507 5C5.99507 4.63273 6.29284 4.33496 6.66011 4.33496H14.9999L15.1337 4.34863C15.4369 4.41057 15.665 4.67857 15.665 5V13.3301C15.6649 13.6973 15.3672 13.9951 14.9999 13.9951C14.6327 13.9951 14.335 13.6973 14.3349 13.3301Z\"><\/path><\/svg><\/span><\/a> \u2013 GitHub uses the same <code data-start=\"516\" data-end=\"537\">X-Hub-Signature-256<\/code> header with HMAC-SHA256.<\/p><\/li><li data-start=\"736\" data-end=\"894\"><p data-start=\"738\" data-end=\"894\"><a data-start=\"738\" data-end=\"831\" rel=\"noopener\" target=\"_new\" class=\"decorated-link cursor-pointer\">Twilio: Validating Requests<span aria-hidden=\"true\" class=\"ms-0.5 inline-block align-middle leading-none\"><svg width=\"20\" height=\"20\" viewbox=\"0 0 20 20\" fill=\"currentColor\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" data-rtl-flip=\"\" class=\"block h-[0.75em] w-[0.75em] stroke-current stroke-[0.75]\"><path d=\"M14.3349 13.3301V6.60645L5.47065 15.4707C5.21095 15.7304 4.78895 15.7304 4.52925 15.4707C4.26955 15.211 4.26955 14.789 4.52925 14.5293L13.3935 5.66504H6.66011C6.29284 5.66504 5.99507 5.36727 5.99507 5C5.99507 4.63273 6.29284 4.33496 6.66011 4.33496H14.9999L15.1337 4.34863C15.4369 4.41057 15.665 4.67857 15.665 5V13.3301C15.6649 13.6973 15.3672 13.9951 14.9999 13.9951C14.6327 13.9951 14.335 13.6973 14.3349 13.3301Z\"><\/path><\/svg><\/span><\/a> \u2013 Twilio validates all webhook requests via HMAC signatures.<\/p><\/li><li data-start=\"895\" data-end=\"1079\"><p data-start=\"897\" data-end=\"1079\"><a data-start=\"897\" data-end=\"1003\" rel=\"noopener\" target=\"_new\" class=\"decorated-link cursor-pointer\">Slack: Verifying requests from Slack<span aria-hidden=\"true\" class=\"ms-0.5 inline-block align-middle leading-none\"><svg width=\"20\" height=\"20\" viewbox=\"0 0 20 20\" fill=\"currentColor\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" data-rtl-flip=\"\" class=\"block h-[0.75em] w-[0.75em] stroke-current stroke-[0.75]\"><path d=\"M14.3349 13.3301V6.60645L5.47065 15.4707C5.21095 15.7304 4.78895 15.7304 4.52925 15.4707C4.26955 15.211 4.26955 14.789 4.52925 14.5293L13.3935 5.66504H6.66011C6.29284 5.66504 5.99507 5.36727 5.99507 5C5.99507 4.63273 6.29284 4.33496 6.66011 4.33496H14.9999L15.1337 4.34863C15.4369 4.41057 15.665 4.67857 15.665 5V13.3301C15.6649 13.6973 15.3672 13.9951 14.9999 13.9951C14.6327 13.9951 14.335 13.6973 14.3349 13.3301Z\"><\/path><\/svg><\/span><\/a> \u2013 Slack signs requests with a shared secret and requires HMAC validation.<\/p><\/li><\/ul><p data-start=\"1081\" data-end=\"1218\">These examples show that verifying webhook signatures with HMAC-SHA256 is the standard way to confirm authenticity and prevent tampering.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>When you configure a webhook URL in your Outscraper integration settings, our system will automatically send a POST request with the scraped results to that URL whenever a task\/reuqest is finished.<\/p>","protected":false},"author":6,"featured_media":35974,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[88,92,90],"tags":[262,152,451,579],"class_list":["post-35959","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-api","category-python","category-tutorials","tag-api","tag-outscraper","tag-webhook","tag-webhook-verification"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/outscraper.com\/es\/wp-json\/wp\/v2\/posts\/35959","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/outscraper.com\/es\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/outscraper.com\/es\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/outscraper.com\/es\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/outscraper.com\/es\/wp-json\/wp\/v2\/comments?post=35959"}],"version-history":[{"count":2,"href":"https:\/\/outscraper.com\/es\/wp-json\/wp\/v2\/posts\/35959\/revisions"}],"predecessor-version":[{"id":41543,"href":"https:\/\/outscraper.com\/es\/wp-json\/wp\/v2\/posts\/35959\/revisions\/41543"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/outscraper.com\/es\/wp-json\/wp\/v2\/media\/35974"}],"wp:attachment":[{"href":"https:\/\/outscraper.com\/es\/wp-json\/wp\/v2\/media?parent=35959"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/outscraper.com\/es\/wp-json\/wp\/v2\/categories?post=35959"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/outscraper.com\/es\/wp-json\/wp\/v2\/tags?post=35959"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}