Every webhook request from Loop now includes an X-Loop-Signature header, an HMAC-SHA256 signature generated using a secret unique to that webhook. You compute the same signature on your end and compare it to confirm the payload is genuinely from Loop.

Without verification, spoofed payloads could hit your endpoint and trigger unintended actions. Signature validation closes that gap and keeps your integration secure.

Learn more