When receiving webhooks from Blaaiz, it is crucial to ensure the integrity and authenticity of the payload. Each webhook notification includes a signature that you can use to verify that the request originates from Blaaiz and has not been tampered with during transmission.
This verification process involves generating a signature on your server using your dedicated webhook signing_secret and comparing it to the signature included in the webhook request headers.
By implementing this verification, you can protect your application from malicious actors and ensure that you are processing legitimate events. The following pages demonstrate how to verify the signature of the webhook payload securely in different programming languages.
Your webhook signing_secret is separate from your OAuth client_secret.
Use the OAuth client_secret only for /oauth/token, and use the webhook
signing_secret only for verifying x-blaaiz-signature.
Blaaiz webhook IP address
All webhooks from Blaaiz are sent from the following IP address:
You can whitelist this IP address in your firewall or server configuration to add an additional layer of security by ensuring webhook requests only come from Blaaiz. 
