Skip to main content

Signature Verification

Use the signature to verify that the request has not been tampered with. To verify the signature, you need your Cashfree PG secret key and the payload. Timestamp is present in the header: x-webhook-timestamp
timestamp := 1617695238078;
signedPayload := timestamp.timestamp.payload; expectedSignature := Base64Encode(HMACSHA256(signedPayload,signedPayload, merchantSecretKey));