Security

All the HTTP request to the target url is signed on the header with this algotithm

crypto.createHmac('sha256', token).update(body).digest('hex');

where

• token, is the Tilby token used to configure the webhook
• body, is the body of the event

The use of this security control is not mandatory, but enables external platforms to verify that the HTTP request come from the Tilby cloud.