Skip to content

Commit f11f237

Browse files
authored
Merge pull request #40547 from github/repo-sync
Repo sync
2 parents 5e5b8a8 + e8637f1 commit f11f237

File tree

1 file changed

+17
-0
lines changed

1 file changed

+17
-0
lines changed

content/webhooks-and-events/webhooks/securing-your-webhooks.md

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -64,6 +64,23 @@ Your language and server implementations may differ from the following examples.
6464

6565
- Using a plain `==` operator is **not advised**. A method like [`secure_compare`][secure_compare] performs a "constant time" string comparison, which helps mitigate certain timing attacks against regular equality operators.
6666

67+
### Test values
68+
69+
Regardless of the programming language that you use to implement HMAC verification in your code, you can use the following `secret` and `payload` values to verify that your implementation is correct.
70+
71+
- secret: "It's a Secret to Everybody"
72+
- payload: "Hello, World!"
73+
74+
If your implementation is correct and uses the SHA-256 algorithm, the signatures that you generate should match the following signature values:
75+
76+
- signature: 757107ea0eb2509fc211221cce984b8a37570b6d7586c22c46f4379c8b043e17
77+
- x-hub-signature: sha256=757107ea0eb2509fc211221cce984b8a37570b6d7586c22c46f4379c8b043e17
78+
79+
If your implementation is correct and uses the SHA-1 algorithm, the signatures that you generate should match the following signature values:
80+
81+
- signature: 01dc10d0c83e72ed246219cdd91669667fe2ca59
82+
- x-hub-signature: sha1=01dc10d0c83e72ed246219cdd91669667fe2ca59
83+
6784
### Ruby example
6885

6986
For example, you can define the following `verify_signature` function:

0 commit comments

Comments
 (0)