Integrations
Verifying webhooks
Make sure webhook requests really come from DigiParser.
Verifying webhooks
When you turn on Webhook export for a parser, DigiParser sends events to your endpoints through our provider, Svix.
Each webhook request includes headers and is signed with a signing secret. You can use this to make sure:
- the request really came from DigiParser, and
- the payload body was not changed in transit.
Find your signing secret
- Open your parser and go to Settings → Integrations.
- Under Added Integrations, expand Webhook export, then expand the endpoint you want.
- You’ll see a Signing secret value. Use Copy to copy it.
This secret is different for every endpoint.
Headers sent with each request
Every webhook request includes these headers:
svix-id: <unique message id>
svix-timestamp: <timestamp in seconds>
svix-signature: <HMAC signature>Your server should:
- Read the raw HTTP request body as a string.
- Read the three headers above.
- Use the signing secret and headers to verify the signature.
Verifying in code
The easiest way to verify webhooks is to use the official Svix libraries. They handle all the details for you.
High‑level steps:
- Install the Svix library in your backend (for example, using npm, pip, etc.).
- Create a
Webhookverifier with your endpoint’s signing secret. - Pass the raw body and headers to the verifier.
- If verification fails, reject the request (e.g. return HTTP 400 or 401).
You can find language‑specific examples in the Svix docs:
Share those links, together with your signing secret, with your developer. They can plug verification into your existing server or workflow.
Response requirements
- Respond with 2xx (for example 200 OK) once you’ve successfully received the webhook.
- If you need to do heavy work, store the payload first and process it asynchronously so the response can be quick.
How is this guide?