Webhook Verifier

This is an interactive debugging tool to help you verify if your HMAC-SHA256 signature algorithm implementation is correct.

You can input a custom key, timestamp, and body, and the tool will calculate the GStable standard signature result in real-time.

Use Cases

• Development Phase: Verify if the signature generated by your backend code matches here.
• Debugging Phase: When you receive an Invalid signature error, paste the real Webhook data here to check where the problem lies.

Signing Secret (Key)

Timestamp (Header: x-gstable-timestamp)

Raw Body{"eventId":"evt_001","type":"ping"}

STRING TO SIGN

CALCULATED SIGNATURE (HMAC-SHA256)

---

Static Test Vectors

You can copy the following data into your unit tests to verify if your HMAC-SHA256 implementation is correct.

• Signing Secret: wkk_test_123456
• Timestamp: 1767514235000
• Raw Body: {"eventId":"evt_001","type":"ping"}

Constructed String to Sign:

1767514235000:{"eventId":"evt_001","type":"ping"}

Expected Signature:

cdd676f1366395982239396f995483244260251942962299596522522555558a

Algorithm Review

The calculation logic behind this tool is as follows:

1. Concatenate String: Timestamp + : + RawBody
2. Encryption Algorithm: HMAC-SHA256 (Standard SHA256, not Keccak)
3. Key: Your Webhook Signing Secret (wkk_...)

If you need to view specific code implementation logic, please read Security Verification.